Retr0Reg

Name of the Vulnerable Software and Affected Versions: llama.cpp version prior to b5721 Description: The issue is related to a signed vs. unsigned integer overflow in the `llama vocab::tokenize` function of llama.cpp's tokenizer implementation, resulting in unintended behavior during token copying size comparison. This allows the llama.cpp inferencing engine to be overflowed with carefully manipulated text input during the tokenization process. Recommendations: For versions prior to b5721, update to version b5721 to resolve the issue. As a temporary workaround, consider restricting the input to the `llama vocab::tokenize` function to prevent exploitation until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** llama-cpp-python (affected versions not specified) **Description** The issue is related to a Server Side Template Injection vulnerability in the `llama-cpp-python` package, which allows for remote code execution. This is due to the use of `jinja2.Environment` without proper sandboxing, enabling an attacker to inject malicious code. The vulnerability is exploited by modifying the `chat template` in the model's metadata, which is then rendered by the `Jinja2ChatFormatter` class. This allows an attacker to execute arbitrary code, potentially leading to system compromises. The estimated number of potentially affected devices is not specified, but it is mentioned that over 6,000 AI models on Hugging Face are vulnerable. **Recommendations** To resolve the issue, update `llama-cpp-python` to version 0.2.72 or later, which includes a fix for the vulnerability. As a temporary workaround, consider disabling the use of `jinja2` templates or restricting access to the `Jinja2ChatFormatter` class until a patch is available. Avoid using the `chat template` parameter in the affected API endpoint until the issue is resolved.