CVE-2024-42477 Information

Description

llama.cpp provides LLM inference in C/C++. The unsafe type member in the rpc_tensor structure can cause global-buffer-overflow. This vulnerability may lead to memory data leakage. The vulnerability is fixed in b3561.

Reference

https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-mqp6-7pv6-fqjf https://github.com/ggerganov/llama.cpp/commit/b72942fac998672a79a1ae3c03b340f7e629980b