CRITICAL🇵🇱 Wersja polska

CVE-2024-42479

CVSS 10.0v3.1pub. 2024-08-12upd. 2026-04-27

llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address writing. This vulnerability is fixed in b3561.

🤖 AI Analysis
How it works

The rpc_tensor structure used in the RPC layer of the llama.cpp library contains a data field that is a pointer which is not properly validated (CWE-787: out-of-bounds write, CWE-123: write-what-where condition). An attacker can provide crafted data that causes the data pointer to point to any address in the process's address space. As a result, it is possible to overwrite any memory region with a value controlled by the attacker, which classically leads to hijacking the program's execution flow.

Impact

A remote, unauthenticated attacker can achieve remote code execution (RCE) with the privileges of the process handling RPC requests, which may lead to complete system takeover, data exfiltration, and violation of service integrity and availability.

Mitigation & patch

Update llama.cpp to version b3561 or newer, in which the vulnerability has been fixed. The patch is available in the project's GitHub repository at the indicated commit. Until the update is applied, it is recommended to restrict network access to the RPC interface of the library only to trusted hosts using a firewall.

Who is affected

llama.cpp (Ggml product) in versions earlier than b3561 (commit b72942fac998672a79a1ae3c03b340f7e629980b)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Ggml Llama.cpp

    APP
    Ggml
    < b3561
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-34159CRITICAL9.8PL ✓ten sam produkt

RCE w llama.cpp — brak walidacji granic w RPC backend (deserialization)

CVE-2026-33298HIGH7.8ten sam produkt

llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in...

CVE-2026-27940HIGH7.8ten sam produkt

llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl() in gg...

CVE-2026-21869HIGH8.8ten sam produkt

llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parame...

CVE-2025-52566HIGH8.6ten sam produkt

llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsign...