Mem0 Remote Code Execution Vulnerability via Unsafe Pickle Deserialization

A remote code execution vulnerability exists in Mem0 versions through 1.0.11, specifically within the FAISS vector store implementation. The issue arises from unsafe deserialization of data using Python's pickle module, which can be exploited to execute arbitrary commands on the server. This vulnerability is particularly concerning as it allows attackers to manipulate FAISS index files, potentially poisoning search results or executing malicious payloads that could compromise the server.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server host, with high potential for misuse, such as executing a reverse shell to gain server access.

Reproduction

The vulnerability can be reproduced by crafting a pickle file that includes a payload designed to execute a command, such as creating a file on the server. This malicious pickle file can then be loaded by the application, triggering the execution of the embedded command.

Remediation

Users are advised to update to Mem0 version 1.0.12 or later, where this vulnerability has been fixed. The update process involves applying the patch available in the official Mem0 repository.