llama.cpp CVE-2024-42479

CRITICAL
Write-what-where Condition (CWE-123)
2024-08-12 security-advisories@github.com
10.0
CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY
10.0 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS Vector (GitHub Advisory)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Description (GitHub Advisory)

llama.cpp provides LLM inference in C/C++. The unsafe data pointer member in the rpc_tensor structure can cause arbitrary address writing. This vulnerability is fixed in b3561.

Analysis (AI)

Arbitrary memory write in llama.cpp's RPC server allows remote unauthenticated attackers to corrupt arbitrary memory addresses via the unsafe data pointer in the rpc_tensor structure, leading to full code execution on the host running the inference service. The flaw earned a maximum CVSS 10.0 (scope changed) and publicly available exploit code exists, though it is not yet listed in CISA KEV; EPSS sits at 5.68% (90th percentile), reflecting elevated but not widespread targeting. Fixed in release b3561.

Technical Context (AI)

llama.cpp is a widely deployed C/C++ implementation of LLaMA-family LLM inference, identified by CPE cpe:2.3:a:ggml:llama.cpp. It includes an optional RPC server that lets remote clients submit tensors for distributed inference; tensors are described by the rpc_tensor structure, which historically carried a raw data pointer used directly by the server. The CWE-123 (Write-what-where Condition) classification fits exactly: an attacker-controlled value is treated as a destination pointer for memory writes, giving the attacker a primitive for corrupting arbitrary memory in the server process, such as heap metadata, function pointers, vtables, or return addresses.
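The general defence for this bug class is to check a client-supplied address against memory the server allocated itself before any write. The sketch below is an added example, not llama.cpp's code and not the b3561 patch; `wire_tensor`, `server_buffer`, `tensor_in_bounds` and `set_tensor_checked` are hypothetical names, and the buffer and payload are constructed samples.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire descriptor: a simplified stand-in, NOT llama.cpp's rpc_tensor. */
struct wire_tensor {
    uint64_t data;  /* destination address as sent by the client (untrusted) */
    uint64_t size;  /* number of bytes the client wants written (untrusted)  */
};

/* A region the server allocated itself and is willing to let clients fill. */
struct server_buffer {
    uint8_t *base;
    size_t   size;
};

/* Returns 1 only if [data, data + size) lies entirely inside the buffer.
 * Written with subtraction so a huge size cannot wrap the comparison. */
int tensor_in_bounds(const struct wire_tensor *t, const struct server_buffer *b) {
    uint64_t base = (uint64_t)(uintptr_t)b->base;
    if (t->data < base) return 0;
    uint64_t off = t->data - base;
    if (off > b->size) return 0;
    return t->size <= (uint64_t)b->size - off;
}

/* Checked write. The unsafe pattern this replaces is calling memcpy() on
 * t->data directly, which makes the client's integer a write destination. */
int set_tensor_checked(const struct wire_tensor *t, const struct server_buffer *b,
                       const void *payload) {
    if (!tensor_in_bounds(t, b)) return -1;   /* reject before touching memory */
    memcpy((void *)(uintptr_t)t->data, payload, (size_t)t->size);
    return 0;
}

int main(void) {
    uint8_t arena[64] = {0};                      /* constructed sample buffer */
    uint8_t payload[8] = {1, 2, 3, 4, 5, 6, 7, 8};
    struct server_buffer buf = { arena, sizeof arena };
    uintptr_t a = (uintptr_t)arena;
    struct wire_tensor cases[] = {
        { a + 8,  8 },           /* inside the buffer: accepted      */
        { a + 60, 8 },           /* runs past the end: rejected      */
        { a + 8,  UINT64_MAX },  /* size that would wrap: rejected   */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("case %zu -> %d\n", i, set_tensor_checked(&cases[i], &buf, payload));
    return 0;
}
```

A server holding several buffers would run the same check against the specific buffer the request names, not against the process address space as a whole.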

Remediation (AI)

Vendor-released patch: upgrade to llama.cpp release b3561 or later, which removes the unsafe direct use of the attacker-supplied data pointer in rpc_tensor. If immediate patching is not possible, do not expose the llama.cpp RPC server to untrusted networks: stop launching rpc-server (or --rpc mode), or bind it to localhost only and front it with a network ACL/firewall restricting access to known inference clients; this fully removes the attack surface but breaks distributed inference setups that depend on remote workers. Network-level controls (block the RPC port at perimeter, run behind a mutual-TLS tunnel or VPN) are reasonable compensating controls until upgrade is complete, with the trade-off that they do not protect against a malicious tenant inside the trusted segment.
