
Cloud Vulnerability DB
A community-led vulnerabilities database
A heap-based buffer overflow vulnerability exists in the GGUF library header.n_tensors functionality of llama.cpp Commit 18c2e17. The vulnerability was discovered in January 2024 and affects the LLaMA.cpp implementation, which is used for running LLaMA models. This security flaw has been assigned CVE-2024-21836 and has received a high severity CVSS v3.1 score of 8.8 (Talos Intelligence).
The vulnerability stems from an integer overflow in the GGUF file parsing functionality. When processing the header.n_tensors value, which is an arbitrary uint64_t value, multiplication with sizeof(struct gguf_tensor_info) (88 bytes) can lead to an integer overflow. This results in allocating fewer elements than required, potentially causing a heap-based buffer overflow when writing the pointer to a string in info->name. The issue is classified under CWE-190 (Integer Overflow or Wraparound) (Talos Intelligence).
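To make the CWE-190 pattern concrete, here is an added example (not code from llama.cpp or from this report) that contrasts the unchecked size computation the report describes with an overflow-checked allocation helper a parser of untrusted GGUF headers should use. The 88-byte element size is the figure stated above; the struct layout, the tensor-count ceiling (`MAX_TENSORS`), and the 24-byte header layout used to construct the demo input are assumptions made for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stddef.h>

/* The report states sizeof(struct gguf_tensor_info) is 88 bytes; the struct's
 * layout is not shown, so this constant stands in for it. */
#define GGUF_TENSOR_INFO_SIZE ((size_t)88)

/* Ceiling on how many tensor_info records to accept from an untrusted header.
 * Constructed limit for this example, not a llama.cpp value. */
#define MAX_TENSORS ((size_t)1 << 20)

/* Little-endian uint64 read for a header field. */
uint64_t read_u64_le(const uint8_t *p) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

/* The unchecked computation described under CWE-190: the 64-bit product wraps
 * silently, so a huge n_tensors can request a tiny, even zero-byte, buffer. */
uint64_t naive_alloc_size(uint64_t n_tensors) {
    return n_tensors * GGUF_TENSOR_INFO_SIZE;
}

/* Overflow-checked sizing: succeeds only when n_tensors is within max_elems
 * and n_tensors * elem_size fits in size_t. Returns 1 and writes *out on
 * success, 0 when the request must be rejected. */
int checked_alloc_size(uint64_t n_tensors, size_t elem_size,
                       size_t max_elems, size_t *out) {
    if (elem_size == 0 || out == NULL) return 0;
    if (n_tensors > max_elems) return 0;             /* header asks for too many */
    if (n_tensors > SIZE_MAX / elem_size) return 0;  /* product would wrap */
    *out = (size_t)n_tensors * elem_size;
    return 1;
}

/* Allocate the tensor_info array for a header. Returns NULL (leaving *count
 * untouched) when the header's n_tensors is rejected. */
void *alloc_tensor_infos(uint64_t n_tensors, size_t *count) {
    size_t bytes;
    if (!checked_alloc_size(n_tensors, GGUF_TENSOR_INFO_SIZE, MAX_TENSORS, &bytes))
        return NULL;
    void *infos = calloc(1, bytes);  /* bytes is 0 only when n_tensors is 0 */
    if (infos != NULL) *count = (size_t)n_tensors;
    return infos;
}

/* Constructed 24-byte GGUF-style header prefix (assumed layout: magic "GGUF",
 * u32 version, u64 n_tensors, u64 n_kv, all little-endian). n_tensors is
 * 2^61, whose product with 88 is exactly 11 * 2^64, i.e. wraps to 0. */
static const uint8_t demo_header[24] = {
    'G', 'G', 'U', 'F',
    3, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0x20,   /* 0x2000000000000000 = 2^61 */
    0, 0, 0, 0, 0, 0, 0, 0,
};

/* Returns 1 if a parser using the checked helper refuses the demo header. */
int demo_header_is_rejected(void) {
    uint64_t n = read_u64_le(demo_header + 8);
    size_t count = 0;
    void *p = alloc_tensor_infos(n, &count);
    int rejected = (p == NULL);
    free(p);
    return rejected;
}
```

With the demo header, `naive_alloc_size` returns 0 bytes for 2^61 requested elements, which is exactly the undersized allocation the report describes; `checked_alloc_size` rejects the same value before any allocation happens. Bounding the count (`max_elems`) is worth keeping alongside the wrap check: a product that does not overflow can still be far larger than any legitimate model file would need.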
The vulnerability allows for potential code execution through a specially crafted .gguf file. Given the CVSS score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), the impact is considered high, potentially affecting confidentiality, integrity, and availability of the system (Talos Intelligence).
The vulnerability has been fixed in versions after Commit 18c2e17. Databricks independently reported this vulnerability concurrently with Cisco Talos's discovery. The vendor released a patch on January 29, 2024 (Talos Intelligence).
Source: This report was generated using AI