#zeromq

[ follow ]
#remote-code-execution #pickle-deserialization #ai-inference-engines #code-reuse #python-pickle
Information security
fromThe Hacker News
3 days ago

Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks

Unsafe pickle deserialization over unauthenticated ZeroMQ sockets enables remote code execution across multiple major AI inference engines and propagated through code reuse.
fromInfoWorld
3 days ago

Copy-paste vulnerability hits AI inference frameworks at Meta, Nvidia, and Microsoft

Cybersecurity researchers have uncovered a chain of critical remote code execution (RCE) vulnerabilities in major AI inference server frameworks, including those from Meta, Nvidia, Microsoft, and open-source projects such as vLLM and SGLang. According to Oligo Security, these vulnerabilities stand out for the way they propagated. Developers copied code containing insecure patterns across projects, effectively transplanting the same flaw into multiple ecosystems.
Information security
[ Load more ]