INFRASTRUCTURE CRITICAL NEW
llama.cpp 分布式推理 RPC 后端的未授权远程代码执行
llama.cpp RPC 后端缺失一处边界检查,任何能访问服务器端口的客户端都可读写进程内存并实现远程代码执行。已在 b8492 中修复。
2026-07-10 // 6 min
阅读完整分析 →
# example prompt — illustrative, defensive
# llama.cpp RPC graph-compute RCE (illustrative, defensive)
# The tensor parser only bounds-checks data when buffer != 0:
if tensor.buffer: # attacker sets buffer = 0 to skip this
validate(tensor.data) # [bounds check lives only here]
result.data = tensor.data # [payload] taken from the wire unconditionally
# Root cause: reachability == compromise; the RPC protocol has no auth.
# Defense: upgrade to build b8492+, bind ggml-rpc-server to 127.0.0.1,
# never publish port 50052, and tunnel nodes over mTLS/WireGuard.