6 matches found
SUSE CVE-2026-21869
llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the ndiscard parameter is parsed directly from JSON input in the llama.cpp server's completion endpoints without validation to ensure it's non-negative. When a negative value is supplied and the context fill...
CVE-2026-21869
A flaw was found in llama.cpp. A remote attacker can exploit an input validation vulnerability in the server's completion endpoints. By supplying a negative value for the ndiscard parameter in JSON input, an attacker can cause out-of-bounds memory writes. This can lead to a process crash or enabl...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the ndiscard parameter in the server's completion endpoints. An attacker can cause memory corruption, process crashes, or potentially execute arbitrary code by supplying a negative value that leads to out-of-boun...
CVE-2026-21869 llama.cpp has Out-of-bounds Write in llama-server
llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the ndiscard parameter is parsed directly from JSON input in the llama.cpp server's completion endpoints without validation to ensure it's non-negative. When a negative value is supplied and the context fill...
CVE-2026-21869
CVE-2026-21869 affects llama.cpp prior to commit 55d4206c9, where the server’s completion endpoints parse the non‑negative constraint for the JSON input parameter n_discard without validation. A negative n_discard can cause a reversed range/offset in llama_memory_seq_rm/add, leading to out‑of‑bou...
CVE-2026-21869
llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the ndiscard parameter is parsed directly from JSON input in the llama.cpp server's completion endpoints without validation to ensure it's non-negative. When a negative value is supplied and the context fill...