{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/heap_overflow/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["llama.cpp"],"_cs_severities":["critical"],"_cs_tags":["llama.cpp","integer_overflow","rce","heap_overflow"],"_cs_type":"advisory","_cs_vendors":["llama.cpp"],"content_html":"\u003cp\u003ellama.cpp is a C/C++ library used for inference of various Large Language Models (LLMs). A critical vulnerability, identified as CVE-2026-33298, exists in versions prior to commit b7824. This vulnerability stems from an integer overflow within the \u003ccode\u003eggml_nbytes\u003c/code\u003e function. Attackers can exploit this by crafting a malicious GGUF file containing specifically designed tensor dimensions. This crafted file causes \u003ccode\u003eggml_nbytes\u003c/code\u003e to incorrectly calculate the required memory size, returning a value significantly smaller than needed. Consequently, when the application processes the tensor, a heap-based buffer overflow occurs, potentially leading to memory corruption and Remote Code Execution (RCE). Organizations utilizing affected versions of llama.cpp are at risk of exploitation if processing untrusted GGUF files.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious GGUF file designed with specific tensor dimensions to trigger the integer overflow.\u003c/li\u003e\n\u003cli\u003eThe victim application, using a vulnerable version of llama.cpp (prior to commit b7824), attempts to load the malicious GGUF file using standard file processing functions.\u003c/li\u003e\n\u003cli\u003eDuring the loading process, the \u003ccode\u003eggml_nbytes\u003c/code\u003e function is called to calculate the memory required for the tensor defined within the GGUF file.\u003c/li\u003e\n\u003cli\u003eDue to the crafted tensor dimensions, \u003ccode\u003eggml_nbytes\u003c/code\u003e experiences an integer overflow, returning a much smaller memory size than actually required. For example, it may return 4MB when Exabytes are needed.\u003c/li\u003e\n\u003cli\u003eThe application allocates a buffer based on the undersized value returned by \u003ccode\u003eggml_nbytes\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe application proceeds to copy tensor data from the GGUF file into the undersized buffer, causing a heap-based buffer overflow.\u003c/li\u003e\n\u003cli\u003eThe buffer overflow corrupts adjacent memory regions on the heap, potentially overwriting critical data structures or executable code.\u003c/li\u003e\n\u003cli\u003eIf the overwritten memory contains executable code, the attacker can achieve Remote Code Execution (RCE) by hijacking the program's control flow to execute arbitrary code.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to execute arbitrary code on the affected system. Given the nature of LLM applications, this could lead to data exfiltration, system compromise, or further lateral movement within the network. The CVSS v3.1 base score is 7.8, highlighting the high potential for impact. If a llama.cpp application processes untrusted GGUF files, it is vulnerable to remote code execution.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade llama.cpp to commit b7824 or later to patch the integer overflow vulnerability in \u003ccode\u003eggml_nbytes\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization for GGUF files to prevent the processing of malicious files with crafted tensor dimensions.\u003c/li\u003e\n\u003cli\u003eEnable process creation logging to monitor for unexpected processes spawned by llama.cpp, which could indicate successful exploitation (see Sigma rule \u0026quot;Detect Suspicious llama.cpp Child Processes\u0026quot;).\u003c/li\u003e\n\u003cli\u003eImplement the Sigma rule \u0026quot;Detect Malicious GGUF File Loading\u0026quot; to detect attempts to load GGUF files with characteristics that may indicate exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-09T12:00:00Z","date_published":"2024-01-09T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-09-llama-cpp-overflow/","summary":"A heap-based buffer overflow vulnerability exists in llama.cpp due to an integer overflow in the `ggml_nbytes` function, allowing attackers to potentially achieve Remote Code Execution (RCE) by crafting malicious GGUF files.","title":"llama.cpp Integer Overflow Vulnerability Leading to Potential RCE","url":"https://feed.craftedsignal.io/briefs/2024-01-09-llama-cpp-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed - Heap_overflow","version":"https://jsonfeed.org/version/1.1"}