
10 matches found

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-7068

Malicious code in bioql PyPI...

CVSS: 9.8 | AI score: 7 | EPSS: 0.05599
Exploits: 1 | References: 4

Snyk
added 2025/08/06 1:43 p.m. | 1 views

Buffer Access with Incorrect Length Value

Overview: nvidia-pytriton is a PyTriton - Flask/FastAPI-like interface to simplify Triton's deployment in Python environments. Affected versions of this package are vulnerable to Buffer Access with Incorrect Length Value via the MessageQueue class in the bundled Python backend. An attacker could...

CVSS: 9.8 | AI score: 8.2 | EPSS: 0.0178
Exploits: 0 | References: 2

RedhatCVE
added 2025/03/22 11:40 a.m. | 7 views

CVE-2024-11041

A flaw was found in the vLLM MessageQueue. This vulnerability allows remote code execution via the MessageQueue.dequeue function, which improperly uses pickle.loads to parse received sockets, enabling an attacker to execute arbitrary code by sending a malicious payload. Mitigation: Mitigation for...

CVSS: 2.6 | AI score: 9.8 | EPSS: 0.05599
Exploits: 1 | References: 5

Github Security Blog
added 2025/03/20 12:32 p.m. | 18 views

vLLM Deserialization of Untrusted Data vulnerability

vllm-project vllm version v0.6.2 contains a vulnerability in the MessageQueue.dequeue API function. The function uses pickle.loads to parse received sockets directly, leading to a remote code execution vulnerability. An attacker can exploit this by sending a malicious payload to the MessageQueue,...

CVSS: 9.8 | AI score: 8.2 | EPSS: 0.05599
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2025/03/20 10:15 a.m. | 6 views

CVE-2024-11041

vllm-project vllm version v0.6.2 contains a vulnerability in the MessageQueue.dequeue API function. The function uses pickle.loads to parse received sockets directly, leading to a remote code execution vulnerability. An attacker can exploit this by sending a malicious payload to the MessageQueue,...

CVSS: 9.8 | EPSS: 0.05599
Exploits: 1 | References: 1

OSV
added 2025/03/20 10:15 a.m. | 2 views

CVE-2024-11041

vllm-project vllm version v0.6.2 contains a vulnerability in the MessageQueue.dequeue API function. The function uses pickle.loads to parse received sockets directly, leading to a remote code execution vulnerability. An attacker can exploit this by sending a malicious payload to the MessageQueue,...

CVSS: 9.8 | AI score: 7.4
Exploits: 0 | References: 1

CVE
added 2025/03/20 10:10 a.m. | 167 views

CVE-2024-11041

vllm-project vLLM version 0.6.2 contains a vulnerability in MessageQueue.dequeue() where pickle.loads is used to parse received sockets, enabling remote code execution if a malicious payload is sent to the MessageQueue. Multiple sources (CVE-2024-11041 entries across OSV, RH Red Hat, GHSA, CHAING...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.05599
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2025/03/20 10:10 a.m. | 7 views

CVE-2024-11041 Remote Code Execution in vllm-project/vllm

vllm-project vllm version v0.6.2 contains a vulnerability in the MessageQueue.dequeue API function. The function uses pickle.loads to parse received sockets directly, leading to a remote code execution vulnerability. An attacker can exploit this by sending a malicious payload to the MessageQueue,...

CVSS: 9.8 | EPSS: 0.05599
Exploits: 1 | References: 1

OSV
added 2020/07/01 12:0 a.m. | 8 views

OSV-2020-597 UNKNOWN READ in ot::MessageQueue::GetHead

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13386
Crash type: UNKNOWN READ
Crash state:
ot::MessageQueue::GetHead
ot::Coap::CoapBase::ClearRequestsAndResponses
ot::Coap::CoapSecure::Stop...

AI score: 7.2
Exploits: 0 | References: 1

OSV
added 2020/07/01 12:0 a.m. | 9 views

OSV-2020-467 UNKNOWN READ in ot::MessageQueue::GetTail

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13345
Crash type: UNKNOWN READ
Crash state:
ot::MessageQueue::GetTail
ot::Message::GetNext
ot::MeshForwarder::GetDirectTransmission...

AI score: 7.2
Exploits: 0 | References: 1