CVE-2024-42479

10.0 CRITICAL

📋 TL;DR

This vulnerability in llama.cpp allows attackers to write arbitrary data to any memory address due to an unsafe pointer in the rpc_tensor structure. This can lead to remote code execution, memory corruption, or denial of service. Anyone using vulnerable versions of llama.cpp for LLM inference is affected.
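
The kind of check that closes this class of bug, as an added example (not llama.cpp's code and not from this page): a simplified C model in which a peer-supplied data address is validated against a server-owned buffer before any write. The names `wire_tensor`, `server_buffer`, `write_in_bounds` and `set_tensor_checked` are hypothetical, and the sample buffers in `main` are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, not llama.cpp's definitions: the peer sends the
 * tensor's data address as a plain integer inside the message. */
struct wire_tensor { uint64_t data; };

/* A buffer the server allocated itself and therefore trusts. */
struct server_buffer { uint8_t *base; size_t size; };

/* True only if [data + offset, data + offset + len) lies inside buf.
 * Subtractions are ordered so that no step can wrap around. */
static bool write_in_bounds(const struct server_buffer *buf,
                            const struct wire_tensor *t,
                            uint64_t offset, uint64_t len)
{
    uint64_t lo = (uint64_t)(uintptr_t)buf->base;
    uint64_t hi = lo + buf->size;          /* one past the end */
    if (t->data < lo || t->data > hi) return false;
    uint64_t room = hi - t->data;          /* bytes available from data */
    if (offset > room) return false;
    return len <= room - offset;
}

/* Hardened handler: rejects the request instead of trusting t->data.
 * The unsafe form is the same memcpy without the check above it. */
static int set_tensor_checked(struct server_buffer *buf,
                              const struct wire_tensor *t, uint64_t offset,
                              const void *src, uint64_t len)
{
    if (!write_in_bounds(buf, t, offset, len)) return -1;
    memcpy((uint8_t *)(uintptr_t)t->data + offset, src, (size_t)len);
    return 0;
}

int main(void)
{
    uint8_t storage[16] = {0}, other[16] = {0};  /* constructed sample */
    struct server_buffer buf = { storage, sizeof storage };
    struct wire_tensor good = { (uint64_t)(uintptr_t)storage };
    struct wire_tensor bad  = { (uint64_t)(uintptr_t)other };
    printf("in-buffer write:  %d\n", set_tensor_checked(&buf, &good, 8, "abcd", 4));
    printf("foreign address:  %d\n", set_tensor_checked(&buf, &bad, 0, "abcd", 4));
    return 0;
}
```

The range test compares against the remaining room rather than computing `data + offset + len`, so oversized offsets or lengths cannot wrap past the upper bound.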

💻 Affected Systems

Products:
  • llama.cpp
Versions: All versions before commit b3561
Operating Systems: All platforms running llama.cpp
Default Config Vulnerable: ⚠️ Yes
Notes: Any deployment using the vulnerable rpc_tensor structure is affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with full system compromise, allowing attackers to execute arbitrary commands, steal data, or pivot to other systems.

🟠 Likely Case: Denial of service through application crashes or memory corruption leading to unstable LLM inference services.

🟢 If Mitigated: Limited impact if proper network segmentation and least privilege access controls are implemented.

🌐 Internet-Facing: HIGH - If exposed to untrusted networks, attackers can exploit this without authentication.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could exploit this, but requires network access to the service.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability involves direct memory manipulation, which is typically straightforward to exploit once understood.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit b3561 or later

Vendor Advisory: https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-wcr5-566p-9cwj

Restart Required: Yes

Instructions:

1. Update llama.cpp to commit b3561 or later
2. Recompile the application
3. Restart all llama.cpp services

🔧 Temporary Workarounds

Network Isolation (all platforms)

Restrict network access to llama.cpp services to trusted networks only.

Use firewall rules to block external access to llama.cpp ports.

Service Account Hardening (Linux)

Run llama.cpp with minimal privileges to limit potential damage:

sudo useradd -r -s /bin/false llamauser
sudo chown -R llamauser:llamauser /path/to/llama

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate llama.cpp from untrusted networks
  • Deploy application-level firewalls or WAFs to monitor and block suspicious requests

🔍 How to Verify

Check if Vulnerable:

Check whether your llama.cpp version is older than commit b3561 by examining the git commit hash or version information.

Check Version:

git log --oneline -1

Verify Fix Applied:

Verify that the checked-out revision is commit b3561 or later, and test that the rpc_tensor structure no longer contains the unsafe data pointer.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected application crashes
  • Memory access violation errors
  • Unusual network connections to llama.cpp ports

Network Indicators:

  • Suspicious payloads sent to llama.cpp RPC endpoints
  • Unusual traffic patterns to inference services

SIEM Query:

source="llama.cpp" AND (event_type="crash" OR event_type="memory_error")
