llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address writing. This vulnerability is fixed in b3561.
The rpc_tensor structure used in the RPC layer of the llama.cpp library contains a data field that is a pointer which is not properly validated (CWE-787: out-of-bounds write, CWE-123: write-what-where condition). An attacker can provide crafted data that causes the data pointer to point to any address in the process's address space. As a result, it is possible to overwrite any memory region with a value controlled by the attacker, which classically leads to hijacking the program's execution flow.
A remote, unauthenticated attacker can achieve remote code execution (RCE) with the privileges of the process handling RPC requests, which may lead to complete system takeover, data exfiltration, and violation of service integrity and availability.
Update llama.cpp to version b3561 or newer, in which the vulnerability has been fixed. The patch is available in the project's GitHub repository at the indicated commit. Until the update is applied, it is recommended to restrict network access to the RPC interface of the library only to trusted hosts using a firewall.
llama.cpp (Ggml product) in versions earlier than b3561 (commit b72942fac998672a79a1ae3c03b340f7e629980b)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HGgml Llama.cpp
APPGgml< b3561
Related vulnerabilities
RCE w llama.cpp — brak walidacji granic w RPC backend (deserialization)
llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in...
llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl() in gg...
llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parame...
llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsign...