Tylzh97

**Name of the Vulnerable Software and Affected Versions** llama.cpp versions prior to commit 55d4206c9 **Description** llama.cpp is an inference engine for several Large Language Models (LLMs) implemented in C/C++. The software parses the `n discard` parameter directly from JSON input in its completion endpoints without validating that it is non-negative. Supplying a negative value for this parameter, when the context is full, can lead to out-of-bounds memory writes within the `llama memory seq rm/add` function during the token evaluation loop. This memory corruption can result in a process crash or potentially enable remote code execution (RCE). The vulnerable component is the parsing of the `n discard` parameter in the completion **API endpoints**. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** cbor2 versions through 5.7.0 **Description** The cbor2 software contains issues in the `decode definite long string()` function within the C extension decoder (source/decoder.c). An integer underflow can lead to an out-of-bounds read, and a memory leak occurs due to missing reference count release. The integer underflow happens because of an incorrect variable reference and a missing state reset, causing negative values in chunk length calculations. The memory leak arises from failing to release Python object references for chunk objects in each iteration of the processing loop. These issues can be exploited remotely without authentication by sending specially crafted CBOR data containing definite-length text strings with multi-byte UTF-8 characters. Successful exploitation can lead to denial of service through process crashes or memory exhaustion. **Recommendations** Update to version 5.7.1 or later.