Lucene search
GitHub_MCVE-2024-42478HistoryAug 12, 2024 - 3:15 p.m.
CVE-2024-42478
2024-08-1215:15:21
CWE-125
GitHub_M
web.nvd.nist.gov
29
llama.cpp
llm inference
c/c++
unsafe data pointer
rpc_tensor
arbitrary address reading
b3561
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
38.0%
llama.cpp provides LLM inference in C/C++. The unsafe data pointer member in the rpc_tensor structure can cause arbitrary address reading. This vulnerability is fixed in b3561.
Affected configurations
Node
ggerganovllama.cppRange<b3561
CNA Affected
[
{
"vendor": "ggerganov",
"product": "llama.cpp",
"versions": [
{
"version": "< b3561",
"status": "affected"
}
]
}
]Related
redhatcve
redhatcve
CVE-2024-42478
2024-08-13 20:44:59
nvd
nvd
CVE-2024-42478
2024-08-12 15:15:21
osv
osv
CVE-2024-42478
2024-08-12 15:15:21
vulnrichment
vulnrichment
cvelist
cvelist
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
38.0%
Related for CVE-2024-42478