CVE-2024-42478

llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address reading. This vulnerability is fixed in b3561.
Configurations

Configuration 1 (hide)

cpe:2.3:a:ggerganov:llama.cpp:*:*:*:*:*:*:*:*

History

15 Aug 2024, 14:03

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.3
v2 : unknown
v3 : 9.8
Summary
  • (es) llama.cpp proporciona inferencia LLM en C/C++. El miembro puntero "datos" inseguro en la estructura "rpc_tensor" puede provocar una lectura de dirección arbitraria. Esta vulnerabilidad se soluciona en b3561.
First Time Ggerganov llama.cpp
Ggerganov
References () https://github.com/ggerganov/llama.cpp/commit/b72942fac998672a79a1ae3c03b340f7e629980b - () https://github.com/ggerganov/llama.cpp/commit/b72942fac998672a79a1ae3c03b340f7e629980b - Patch
References () https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-5vm9-p64x-gqw9 - () https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-5vm9-p64x-gqw9 - Exploit, Vendor Advisory
CPE cpe:2.3:a:ggerganov:llama.cpp:*:*:*:*:*:*:*:*

12 Aug 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-12 15:15

Updated : 2024-08-15 14:03


NVD link : CVE-2024-42478

Mitre link : CVE-2024-42478

CVE.ORG link : CVE-2024-42478


JSON object : View

Products Affected

ggerganov

  • llama.cpp
CWE
CWE-125

Out-of-bounds Read