Lucene search
GitHub_MCVE-2024-42479HistoryAug 12, 2024 - 3:15 p.m.
CVE-2024-42479
2024-08-1215:15:21
CWE-787
CWE-123
GitHub_M
web.nvd.nist.gov
56
20
llama.cpp rpc_tensor data pointer vulnerability arbitrary address writing fixed b3561
CVSS3
10
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
9.4
Confidence
High
EPSS
0.001
Percentile
38.0%
llama.cpp provides LLM inference in C/C++. The unsafe data pointer member in the rpc_tensor structure can cause arbitrary address writing. This vulnerability is fixed in b3561.
Affected configurations
Node
ggerganovllama.cppRange<b3561
CNA Affected
[
{
"vendor": "ggerganov",
"product": "llama.cpp",
"versions": [
{
"version": "< b3561",
"status": "affected"
}
]
}
]References
Social References
More
Related
vulnrichment
vulnrichment
CVE-2024-42479 llama.cpp allows write-what-where in rpc_server::set_tensor
2024-08-12 15:07:19
cvelist
cvelist
CVE-2024-42479 llama.cpp allows write-what-where in rpc_server::set_tensor
2024-08-12 15:07:19
nvd
nvd
CVE-2024-42479
2024-08-12 15:15:21
osv
osv
CVE-2024-42479
2024-08-12 15:15:21
nessus
nessus
LLama cpp python binding < 0.2.88 Arbitrary Write Vulnerability
2024-09-17 00:00:00
CVSS3
10
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
9.4
Confidence
High
EPSS
0.001
Percentile
38.0%
Related for CVE-2024-42479