Cloud Vulnerability DB
A community-led vulnerabilities database
Wiz Agents & Workflows are here
Vulnerability DatabaseCVE-2024-34359
CVE-2024-34359:
Llama.cpp vulnerability analysis and mitigation
Overview
A critical security vulnerability (CVE-2024-34359), dubbed 'Llama Drama', was discovered in the llama-cpp-python package, which is a Python binding for the llama.cpp library used for integrating AI models with Python. The vulnerability was discovered by researcher Patrick Peng (retr0reg) and affects versions >=v0.2.30 and <=v0.2.71. The package, which has over 3 million downloads, is widely used by AI application developers for computational efficiency by integrating Python with C++ (SecurityWeek, SecurityOnline).
Technical details
The vulnerability stems from the misuse of the Jinja2 template engine within the llama-cpp-python package. The core issue arises in the Jinja2ChatFormatter class, which processes template data without proper security measures such as sandboxing. The init constructor in the Llama class loads chat templates from targeted .gguf's Metadata and parses it to llama_chat_format.Jinja2ChatFormatter.to_chat_handler() without implementing proper security controls. This implementation uses a sandbox-less jinja2.Environment, which is rendered in call to construct the prompt of interaction. The vulnerability has been assigned a CVSS score of 9.7, indicating its critical severity (GitHub Advisory).
Impact
The exploitation of this vulnerability can lead to unauthorized actions by attackers, including data theft, system compromise, and disruption of operations. With over 6,000 models on the Hugging Face platform using the gguf format with templates potentially susceptible to similar vulnerabilities, the impact is widespread. Given the critical role of AI systems in processing sensitive and extensive datasets, the vulnerability poses significant risks to both individual privacy and organizational operational integrity (Hacker News).
Mitigation and workarounds
The vulnerability has been patched in version 0.2.72 of the llama-cpp-python package. Organizations and developers using this package are strongly advised to update to this latest version to secure their systems. The fix involves implementing proper sandboxing measures in the Jinja2 template processing (GitHub Commit).
Community reactions
The discovery of CVE-2024-34359 has raised significant concerns about the security of AI platforms and the broader supply chain. Security researchers have emphasized this vulnerability as a stark reminder of the vulnerabilities that can arise at the confluence of AI and supply chain security, highlighting the need for vigilant security practices throughout the lifecycle of AI systems and their components (Hacker News).
Additional resources
Source: This report was generated using AI
Related Llama.cpp vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management