PT-2024-29975 · Llama.Cpp · Llama.Cpp

7Resp4Ss · Published 2024-08-12 · Updated 2024-11-23 · CVE-2024-42479

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

llama.cpp versions prior to b3561

Description

The issue is in the rpc tensor structure of llama.cpp, a project that provides LLM inference in C/C++. The structure's unsafe data pointer member can cause arbitrary address writing, potentially leading to remote code execution if exploited. Millions of devices may be exposed to this risk.

Recommendations

For versions prior to b3561, update the library to b3561 or later to fix the vulnerability. As a temporary workaround, consider restricting access to the rpc tensor structure or disabling the data pointer member until a patch is available.

Exploit

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2024-42479
GHSA-WCR5-566P-9CWJ

Affected Products

Llama.Cpp