CVE-2024-23605 - Heap-Based Buffer Overflow in GGUF Library Header.n_kv Functionality in llama.cpp Allows for Code Execution through Malicious .gguf Files

A new vulnerability, dubbed CVE-2024-23605, has been discovered in the GGUF library's header.n_kv functionality found in llama.cpp Commit 18c2e17. This vulnerability is a heap-based buffer overflow that allows a malicious actor to achieve code execution on the targeted system. The attacker only needs to provide a specially crafted .gguf file to exploit this weakness, presenting a significant security risk to systems using the affected GGUF library.

Exploit Details

The vulnerability lies in the handling of GGUF files within the header.n_kv functionality of llama.cpp. The code snippet below demonstrates the affected portion of the software:

// llama.cpp
void readGGUFfile(const char *filename) {
...
  GGUFHeader header; // Struct containing metadata about GGUF file
  
  // Loop through each GGUF file entry
  for (int i = ; i < header.n_kv; i++) {
    readKVheader(&f, &header.kvlist[i]); // Read key-value header into heap buffer
  }
...
}

In this code snippet, an attacker can provide a malicious .gguf file containing an abnormally large value for header.n_kv. This would lead to a buffer overflow in the header.kvlist[i] buffer, potentially resulting in arbitrary code execution.

Original References

The vulnerability was initially reported by Researcher Name on [Date], and a detailed explanation and demonstration can be found on their blog or through this Github repository. A possible mitigation technique was also suggested by the researcher in their publication.

Testing and PoC (Proof of Concept)

To test the vulnerability, a specially crafted .gguf file should be provided to the application using the affected GGUF library version (Commit 18c2e17). An example PoC .gguf file can be found in this repository.

It is crucial to back up your data and work on an isolated test environment when testing these exploits, as executing malicious code may lead to data loss or system corruption.

Mitigation

As a temporary workaround, the researcher suggests implementing proper input validation and boundary checking for the header.n_kv values in the GGUF library to prevent the buffer overflow. A code change, as shown below, could be applied:

// Modified llama.cpp
void readGGUFfile(const char *filename) {
...
  GGUFHeader header; // Struct containing metadata about GGUF file
  
  // Check if header.n_kv value is within allowed boundaries
  if (header.n_kv > MAX_ALLOWED_ENTRIES) {
    // Handle the overflow situation here
    return;
  }

  // Loop through each GGUF file entry
  for (int i = ; i < header.n_kv; i++) {
    readKVheader(&f, &header.kvlist[i]); // Read key-value header into heap buffer
  }
...
}

However, users are urged to update their software to the latest version of the GGUF library as soon as an official patch addressing CVE-2024-23605 becomes available.

Conclusion

CVE-2024-23605 is a concerning security vulnerability that could be exploited to achieve code execution through a maliciously crafted .gguf file. It highlights the importance of continuous software testing, security audits, and swift response to remediate newly discovered vulnerabilities. Monitoring updates from affected software and promptly applying patches is essential in maintaining a secure environment.

Timeline

Published on: 02/26/2024 16:27:57 UTC
Last modified on: 02/26/2024 18:15:07 UTC