CVSS 3.1 Score 8.8 of 10 (high)


Published Feb 26, 2024
CWE ID 190


CVE-2024-21825 is a heap-based buffer overflow in the GGUF_TYPE_ARRAY/GGUF_TYPE_STRING parsing functionality of the GGUF library in llama.cpp commit 18c2e17. An attacker can exploit it by providing a malicious .gguf file, potentially leading to code execution. Under CVSS 3.1 the vulnerability has a base score of 8.8 and a base severity rating of HIGH. It can be exploited over a network and requires user interaction. The confidentiality and integrity impacts are both rated high, with potential for unauthorized access to sensitive information. There is no analysis available for this vulnerability at the moment.
