EUVD-2024-39638

Malicious code in bioql PyPI...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read through the rpctensor structure. An attacker can read arbitrary memory addresses by manipulating the data pointer. PoC from pwn import ALLOCBUFFER = 0 GETALIGNMENT = 1 GETMAXSIZE = 2 BUFFERGETBASE = 3 FREEBUFFER = 4...

Write-what-where Condition

Overview Affected versions of this package are vulnerable to Write-what-where Condition through the rpctensor structure. An attacker can write to arbitrary memory addresses by manipulating the data pointer. PoC from pwn import ALLOCBUFFER = 0 GETALIGNMENT = 1 GETMAXSIZE = 2 BUFFERGETBASE = 3...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the rpctensor structure. An attacker can cause memory data leakage by exploiting the unsafe type member. PoC from pwn import ALLOCBUFFER = 0 GETALIGNMENT = 1 GETMAXSIZE = 2 BUFFERGETBASE = 3 FREEBUFFER = 4...

llama.cpp 安全漏洞

llama.cpp is a multimodal model. llama.cpp suffers from a remote code execution vulnerability that originates in the data pointer in the rpctensor structure, which can be exploited by an attacker to cause an arbitrary address to be read...

PT-2024-29973 · Llama.Cpp · Llama.Cpp

Name of the Vulnerable Software and Affected Versions: llama.cpp version b3561 and earlier Description: The issue arises from the unsafe type member in the rpc tensor structure, which can cause a global-buffer-overflow. This may lead to memory data leakage. Recommendations: For versions prior to...

PT-2024-29975 · Llama.Cpp · Llama.Cpp

Name of the Vulnerable Software and Affected Versions: llama.cpp versions prior to b3561 Description: The issue is related to the rpc tensor structure in llama.cpp, which provides LLM inference in C/C++. The unsafe data pointer member can cause arbitrary address writing, potentially leading to...