PT-2024-29974 · Llama.Cpp · Llama.Cpp
7Resp4Ss
·
Published
2024-08-12
·
Updated
2024-11-23
·
CVE-2024-42478
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
llama.cpp versions prior to b3561
Description
The issue is related to the
rpc tensor structure in llama.cpp, which provides LLM inference in C/C++. The data pointer member in this structure is unsafe, allowing for arbitrary address reading.Recommendations
For versions prior to b3561, update to b3561 or later to resolve the issue. As a temporary workaround, consider restricting access to the
rpc tensor structure to minimize the risk of exploitation.Exploit
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Llama.Cpp