Open-MMLab MMDetection Remote Code Execution Vulnerability via Unsafe Pickle Deserialization in Distributed Training API

Vulnerability

A remote code execution vulnerability exists in Open-MMLab MMDetection version 3.3.0. The 'all_reduce_dict()' helper in the distributed training utilities (mmdet/utils/dist_utils.py) serializes the dictionary's key list with pickle, broadcasts the resulting bytes from rank 0 to the other ranks of the process group, and deserializes them on every receiving rank with 'pickle.loads()' without any validation of what arrived. A pickle stream can name and invoke arbitrary importable Python objects, so any process that can supply that broadcast can make each receiving rank execute attacker-chosen code.

Impact

Exploitation of this vulnerability allows remote code execution with the privileges of the training process on every rank that unpickles the malicious broadcast. No user interaction is required beyond the victim running a distributed training job.

Reproduction

To reproduce this vulnerability, initialize a distributed training session through PyTorch's 'torch.distributed' process group. The victim runs 'all_reduce_dict()' on a rank that receives the key broadcast; the attacker occupies the sending rank in the same process group and broadcasts a pickle payload in place of the key list. When the victim deserializes it with 'pickle.loads()', the payload's reduce callable runs on the victim's machine. Note that 'torch.distributed' does not authenticate peers: whoever can reach the rendezvous endpoint and fill a slot in the process group is trusted by every other rank.

Remediation

Users are advised not to unpickle data received from other ranks. Because the broadcast carries only a list of string keys, a non-executable encoding such as JSON or 'msgpack' is sufficient for it, and 'safetensors' is the analogous choice for tensor payloads. Sanitizing a pickle stream before 'pickle.loads()' is not a reliable defence, since there is no safe way to unpickle untrusted input; where pickle cannot be removed, at least restrict the unpickler's 'find_class' and keep the process group on a network that untrusted hosts cannot reach.
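The following is an added example written for this page; it is not MMDetection code and does not use 'torch'. It stands in for the Vulnerability, Reproduction and Remediation sections above: the 'torch.distributed' broadcast is replaced by a plain bytes buffer handed from a sender function to a receiver function (a constructed stand-in), the payload is a hypothetical class whose unpickling only sets an environment variable so the effect is visible without harm, and the hardened receiver assumes the keys are strings, which is what a loss dictionary's keys are. A 'pickletools' scan is included as a defence-in-depth check that flags any pickle able to resolve or call a callable before it is ever loaded.

```python
"""Unsafe vs. hardened key exchange for an all_reduce_dict()-style helper.

Added example, not MMDetection code. The torch.distributed broadcast is a
plain bytes buffer here (constructed stand-in) so the script runs offline.
"""
import json
import os
import pickle
import pickletools


# --- the pattern the advisory describes: pickle on both ends ---------------
def unsafe_keys2bytes(obj) -> bytes:
    """Sending rank: pickle the key list (stand-in for the pickle.dumps side)."""
    return pickle.dumps(obj)


def unsafe_bytes2keys(buf: bytes):
    """Receiving rank: pickle.loads() on whatever arrived, no validation."""
    return pickle.loads(buf)


class MaliciousKeys:
    """Hypothetical payload sent instead of a key list.

    Unpickling calls exec() with attacker-chosen source. The source only sets
    an environment variable so the effect is observable; a real payload would
    spawn a shell, drop a file, exfiltrate credentials, and so on.
    """

    def __reduce__(self):
        return (exec, ("import os; os.environ['MMDET_PICKLE_DEMO'] = 'executed'",))


def receive_with_pickle(buf: bytes):
    """Vulnerable receiver. Returns the marker the payload sets, or None."""
    os.environ.pop("MMDET_PICKLE_DEMO", None)
    unsafe_bytes2keys(buf)          # arbitrary code runs here for a malicious buf
    return os.environ.get("MMDET_PICKLE_DEMO")


# --- hardened replacement: JSON, which cannot encode callables -------------
MAX_KEY_BYTES = 1 << 16  # assumption: a list of loss names never needs more


def safe_keys2bytes(keys) -> bytes:
    """Sending rank: encode the key list as JSON; refuse non-string keys."""
    if not all(isinstance(k, str) for k in keys):
        raise TypeError("all_reduce_dict keys must be str")
    return json.dumps(list(keys)).encode("utf-8")


def safe_bytes2keys(buf: bytes) -> list:
    """Receiving rank: bounded, typed decode. Anything else raises ValueError."""
    if len(buf) > MAX_KEY_BYTES:
        raise ValueError("key buffer too large")
    obj = json.loads(buf.decode("utf-8"))   # UnicodeDecodeError/JSONDecodeError are ValueErrors
    if not isinstance(obj, list) or not all(isinstance(k, str) for k in obj):
        raise ValueError("key broadcast is not a list of strings")
    return obj


# --- defence in depth: static scan of a pickle stream before loading -------
# Opcodes that resolve an importable object, call it, or invoke __setstate__.
_CALLABLE_OPCODES = {
    "GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
    "NEWOBJ", "NEWOBJ_EX", "BUILD",
}


def pickle_has_callable_opcodes(buf: bytes) -> bool:
    """True if the stream could execute code when loaded (or is malformed)."""
    try:
        return any(op.name in _CALLABLE_OPCODES
                   for op, _arg, _pos in pickletools.genops(buf))
    except Exception:
        return True   # truncated or invalid streams are rejected as well


if __name__ == "__main__":
    benign = unsafe_keys2bytes(["loss_cls", "loss_bbox"])
    evil = unsafe_keys2bytes(MaliciousKeys())
    print("benign pickle flagged:", pickle_has_callable_opcodes(benign))
    print("malicious pickle flagged:", pickle_has_callable_opcodes(evil))
    print("vulnerable receiver ran payload:", receive_with_pickle(evil))
    print("hardened round trip:", safe_bytes2keys(safe_keys2bytes(["loss_cls"])))
    try:
        safe_bytes2keys(evil)
    except ValueError as e:
        print("hardened receiver rejected payload:", type(e).__name__)
```

The scan is a last line of defence, not a substitute for removing pickle: an allowlist of opcodes is easier to reason about than an attempt to "sanitize" the bytes, and a plain list of strings pickles with no opcode from that set, so the check costs nothing for legitimate traffic.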

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.