CVE-2024-3568 - Vulnerability Details - OpenCVE

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting the use of `pickle.load()` on data from potentially untrusted sources. This vulnerability allows for remote code execution (RCE) by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction Required

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://github.com/huggingface/transformers/commit/693667b8ac8138b83f8adb6522ddaf42fa07c125
https://huntr.com/bounties/b3c36992-5264-4d7f-9906-a996efafba8f

History

No history.

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-04-10T17:07:55.667Z

Updated: 2024-08-01T20:12:07.859Z

Reserved: 2024-04-10T09:52:12.519Z

Link: CVE-2024-3568

Vulnrichment

Updated: 2024-08-01T20:12:07.859Z

NVD

Status : Awaiting Analysis

Published: 2024-04-10T17:15:58.160

Modified: 2024-11-21T09:29:53.770

Link: CVE-2024-3568

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3568", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-04-10T09:52:12.519Z", "datePublished": "2024-04-10T17:07:55.667Z", "dateUpdated": "2024-08-01T20:12:07.859Z"}, "containers": {"cna": {"title": "Arbitrary Code Execution via Deserialization in huggingface/transformers", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-04-16T11:10:23.437Z"}, "descriptions": [{"lang": "en", "value": "The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting the use of `pickle.load()` on data from potentially untrusted sources. This vulnerability allows for remote code execution (RCE) by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine."}], "affected": [{"vendor": "huggingface", "product": "huggingface/transformers", "versions": [{"version": "unspecified", "lessThan": "4.38", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/b3c36992-5264-4d7f-9906-a996efafba8f"}, {"url": "https://github.com/huggingface/transformers/commit/693667b8ac8138b83f8adb6522ddaf42fa07c125"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "baseScore": 3.4, "baseSeverity": "LOW"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-502 Deserialization of Untrusted Data", "cweId": "CWE-502"}]}], "source": {"advisory": "b3c36992-5264-4d7f-9906-a996efafba8f", "discovery": "EXTERNAL"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3568", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-14T17:57:26.600369Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:31:01.009Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:12:07.859Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/b3c36992-5264-4d7f-9906-a996efafba8f", "tags": ["x_transferred"]}, {"url": "https://github.com/huggingface/transformers/commit/693667b8ac8138b83f8adb6522ddaf42fa07c125", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/b3c36992-5264-4d7f-9906-a996efafba8f", "tags": ["x_transferred"]}, {"url": "https://github.com/huggingface/transformers/commit/693667b8ac8138b83f8adb6522ddaf42fa07c125", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:12:07.859Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3568", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-14T17:57:26.600369Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-14T17:57:28.223Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Arbitrary Code Execution via Deserialization in huggingface/transformers", "source": {"advisory": "b3c36992-5264-4d7f-9906-a996efafba8f", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "CHANGED", "version": "3.0", "baseScore": 3.4, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "huggingface", "product": "huggingface/transformers", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "4.38", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/b3c36992-5264-4d7f-9906-a996efafba8f"}, {"url": "https://github.com/huggingface/transformers/commit/693667b8ac8138b83f8adb6522ddaf42fa07c125"}], "descriptions": [{"lang": "en", "value": "The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting the use of `pickle.load()` on data from potentially untrusted sources. This vulnerability allows for remote code execution (RCE) by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-04-16T11:10:23.437Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3568", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:12:07.859Z", "dateReserved": "2024-04-10T09:52:12.519Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-04-10T17:07:55.667Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting the use of `pickle.load()` on data from potentially untrusted sources. This vulnerability allows for remote code execution (RCE) by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine."}, {"lang": "es", "value": "La librer\u00eda huggingface/transformers es vulnerable a la ejecuci\u00f3n de c\u00f3digo arbitrario a trav\u00e9s de la deserializaci\u00f3n de datos no confiables dentro de la funci\u00f3n `load_repo_checkpoint()` de la clase `TFPreTrainedModel()`. Los atacantes pueden ejecutar c\u00f3digo y comandos arbitrarios creando una carga serializada maliciosa, explotando el uso de `pickle.load()` en datos de fuentes potencialmente no confiables. Esta vulnerabilidad permite la ejecuci\u00f3n remota de c\u00f3digo (RCE) al enga\u00f1ar a las v\u00edctimas para que carguen un punto de control aparentemente inofensivo durante un proceso de entrenamiento normal, lo que permite a los atacantes ejecutar c\u00f3digo arbitrario en la m\u00e1quina de destino."}], "id": "CVE-2024-3568", "lastModified": "2024-11-21T09:29:53.770", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2024-04-10T17:15:58.160", "references": [{"source": "security@huntr.dev", "url": "https://github.com/huggingface/transformers/commit/693667b8ac8138b83f8adb6522ddaf42fa07c125"}, {"source": "security@huntr.dev", "url": "https://huntr.com/bounties/b3c36992-5264-4d7f-9906-a996efafba8f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/huggingface/transformers/commit/693667b8ac8138b83f8adb6522ddaf42fa07c125"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://huntr.com/bounties/b3c36992-5264-4d7f-9906-a996efafba8f"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "security@huntr.dev", "type": "Secondary"}]}