CVE-2024-50050
Description
Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Llama Stack before a specific commit used pickle serialization over sockets, enabling RCE. Switched to JSON.
Vulnerability
Overview
CVE-2024-50050 affects Meta's Llama Stack library prior to commit 7a8aa775e5a267cf8660d83140011a0b7f91e005. The vulnerability stems from the use of Python's pickle module as the serialization format for socket-based communication. Pickle is known to be unsafe when deserializing untrusted data, as it can execute arbitrary code during the unpickling process.
Attack
Vector
An attacker who can send crafted serialized data to a listening Llama Stack socket can trigger RCE. The attack requires network access to the affected socket endpoint and the ability to inject a malicious pickle payload. No authentication is mentioned in the advisory, making unauthenticated network access a plausible attack scenario.
Impact
Successful exploitation allows remote code execution in the context of the Llama Stack process. An attacker could then compromise the host system, exfiltrate data, or move laterally within the network.
Mitigation
The fix replaces pickle with JSON serialization for all socket communication, which is inherently safer as it does not support deserialization of arbitrary objects. Users must update to a version at or after the referenced commit. Meta has advised updating immediately [1].
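To make the difference concrete, the following added example (not Llama Stack's own code) contrasts the vulnerable pattern the advisory describes, deserializing socket bytes with pickle, with a JSON-based framing and validation routine of the kind the fix adopts. The frame format, the 1 MiB size cap and the message schema are assumptions chosen for illustration.

```python
import io
import json
import pickle
import struct

MAX_FRAME = 1 << 20  # assumed per-message size cap (1 MiB)


def decode_pickle_frame(frame: bytes):
    """Vulnerable pattern: pickle.loads on bytes read from a socket.

    pickle can reconstruct arbitrary objects and run code while doing so,
    which is exactly why untrusted input must never reach it.
    """
    return pickle.loads(frame)


def encode_frame(message: dict) -> bytes:
    """Hardened pattern: JSON body with a 4-byte big-endian length prefix."""
    body = json.dumps(message, separators=(",", ":")).encode("utf-8")
    return struct.pack("!I", len(body)) + body


def decode_frame(frame: bytes) -> dict:
    """Parse one length-prefixed JSON frame with strict checks.

    json.loads only ever yields dict/list/str/int/float/bool/None, so no
    attacker-chosen class is instantiated. Everything unexpected raises
    ValueError (JSONDecodeError and UnicodeDecodeError are subclasses).
    """
    if len(frame) < 4:
        raise ValueError("frame shorter than length prefix")
    (length,) = struct.unpack("!I", frame[:4])
    if length > MAX_FRAME:
        raise ValueError("declared length exceeds MAX_FRAME")
    body = frame[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated frame")
    message = json.loads(body.decode("utf-8"))
    if not isinstance(message, dict) or not isinstance(message.get("type"), str):
        raise ValueError("message must be a JSON object with a string 'type'")
    return message


def looks_like_pickle(frame: bytes) -> bool:
    """Detection aid: pickle protocol 2+ streams start with the PROTO opcode 0x80.

    Useful for logging peers that still speak the legacy format after upgrading.
    """
    return frame[:1] == b"\x80"
```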
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: < 7a8aa775e5a267cf8660d83140011a0b7f91e005
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.