Llama Cpp
CVE-2024-42478
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionGitHub Advisory
llama.cpp provides LLM inference in C/C++. The unsafe data pointer member in the rpc_tensor structure can cause arbitrary address reading. This vulnerability is fixed in b3561.
AnalysisAI
llama.cpp provides LLM inference in C/C++. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. llama.cpp provides LLM inference in C/C++. The unsafe data pointer member in the rpc_tensor structure can cause arbitrary address reading. This vulnerability is fixed in b3561. Affected products include: Ggml Llama.Cpp.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
Arbitrary memory write in llama.cpp's RPC server allows remote unauthenticated attackers to corrupt arbitrary memory add
Remote code execution in llama.cpp (commit 18c2e17) is possible when a user opens a malicious .gguf model file, triggeri
Remote code execution in llama.cpp (commit 18c2e17) is possible when a victim loads a malicious .gguf model file, trigge
Remote code execution in llama.cpp (GGUF library) allows attackers to achieve arbitrary code execution by tricking a use
Remote code execution in llama.cpp (commit 18c2e17) occurs when the GGUF library's gguf_fread_str function parses a mali
Heap-based buffer overflow in llama.cpp's GGUF library header parser (commit 18c2e17) enables code execution when a vict
Remote code execution in llama.cpp RPC backend allows unauthenticated attackers with TCP access to achieve arbitrary mem
Llama.cpp is LLM inference in C/C++. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no auth
Remote code execution in llama.cpp prior to commit b7824 is possible through a crafted GGUF file that exploits an intege
Local attackers can achieve heap buffer overflow in llama.cpp versions before b8146 through integer overflow in the GGUF
llama.cpp provides LLM inference in C/C++. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable,
llama.cpp provides LLM inference in C/C++. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable,
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today