Lucene search
GitHub_MCVE-2024-42477HistoryAug 12, 2024 - 3:15 p.m.
CVE-2024-42477
2024-08-1215:15:21
CWE-401
CWE-125
GitHub_M
web.nvd.nist.gov
25
llama.cpp
llm inference
rpc_tensor
global buffer overflow
memory data leakage
b3561
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
5.2
Confidence
High
EPSS
0.001
Percentile
17.7%
llama.cpp provides LLM inference in C/C++. The unsafe type member in the rpc_tensor structure can cause global-buffer-overflow. This vulnerability may lead to memory data leakage. The vulnerability is fixed in b3561.
Affected configurations
Node
ggerganovllama.cppRange<b3561
CNA Affected
[
{
"vendor": "ggerganov",
"product": "llama.cpp",
"versions": [
{
"version": "< b3561",
"status": "affected"
}
]
}
]Related
cvelist
cvelist
CVE-2024-42477 llama.cpp global-buffer-overflow in ggml_type_size
2024-08-12 15:02:40
osv
osv
CVE-2024-42477
2024-08-12 15:15:21
vulnrichment
vulnrichment
CVE-2024-42477 llama.cpp global-buffer-overflow in ggml_type_size
2024-08-12 15:02:40
redhatcve
redhatcve
CVE-2024-42477
2024-08-13 20:44:59
nvd
nvd
CVE-2024-42477
2024-08-12 15:15:21
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
5.2
Confidence
High
EPSS
0.001
Percentile
17.7%
Related for CVE-2024-42477