CVE-2024-42479
Published: 12 August 2024
Summary
CVE-2024-42479 is a critical-severity Write-what-where Condition (CWE-123) vulnerability in Ggml Llama.Cpp. Its CVSS base score is 10.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 9.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as NLP and Transformers; in the Other ATLAS/OWASP Terms risk domain; MITRE ATLAS techniques in scope: External Harms (AML.T0048).
Deeper analysis
llama.cpp, a C/C++ library providing LLM inference, is affected by CVE-2024-42479, a flaw in the rpc_tensor structure. The unsafe data pointer member permits arbitrary address writing, corresponding to CWE-123 and CWE-787, and carries a CVSS 3.1 score of 10.0 reflecting network-reachable impact with high consequences for confidentiality, integrity, and availability plus scope change.
An unauthenticated remote attacker can supply crafted RPC data to trigger the write primitive, achieving arbitrary memory modification that may lead to code execution or full host compromise in affected deployments.
The issue is resolved in commit b3561, per the associated GitHub security advisory GHSA-wcr5-566p-9cwj, which directs users to apply the patch.
EPSS remains low at a current value of 0.0568 with a peak of 0.0586 and shows no material rise; the vulnerability is relevant to AI/ML environments that expose llama.cpp RPC interfaces for distributed inference.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-39639
Vulnerability details
llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address writing. This vulnerability is fixed in b3561.
- CWE(s)
AI Security AnalysisAI
- AI Category
- NLP and Transformers
- Risk Domain
- Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- llama.cpp is a C/C++ library specifically for LLM (Large Language Model) inference, which relies on transformer architectures central to NLP tasks.
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Arbitrary address writing via unsafe data pointer in rpc_tensor enables remote code execution for initial access when exploiting a public-facing llama.cpp server and facilitates privilege escalation through memory corruption.
MITRE ATLAS TechniquesAI
MITRE ATLAS techniques
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Write-what-where primitives are neutralized when the attacker cannot execute the memory they control.