thu-pacman Chitu Deserialization Vulnerability in Model Loading Process Allowing Arbitrary Code Execution

Vulnerability

A critical deserialization vulnerability has been identified in thu-pacman Chitu version 0.1.0. The issue arises in the model loading process in the file chitu/chitu/backend.py, where the torch.load function, which is built on Python's pickle module, is used to load checkpoint files without the weights_only=True parameter. As a result the entire file content is deserialized, including any Python objects and code a crafted file may contain, rather than tensors and primitive containers only. If a .pt file is crafted by a malicious user and loaded through the vulnerable call, it can lead to arbitrary code execution on the system.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the system where Chitu is running. This could result in unauthorized access to sensitive data, such as user information or system files, and could potentially allow an attacker to modify the behavior of the application or gain control over the system.

Reproduction

To reproduce this vulnerability, create a malicious .pt file that includes embedded Python code designed to execute harmful actions, such as deleting files or opening network connections. Place this file in a directory accessible to the Chitu application. Ensure that the application is configured to load models from this directory without the weights_only parameter. When Chitu loads the checkpoint file using torch.load, the embedded code will be executed, demonstrating the vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating (Custom Algorithm)

Category        Score
spread          0.0
impact          10.0
exploitability  4.6
remediation     0.0
relevance       0.0
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.