Update README.md
README.md
CHANGED
|
@@ -22,51 +22,50 @@ It exists solely for responsible security research, reproducibility, and validat
|
|
| 22 |
|
| 23 |
## Reproducer File
|
| 24 |
|
| 25 |
-
- poc_array_overflow.gguf — minimized crash-triggering GGUF payload (~64 bytes)
|
| 26 |
|
| 27 |
## Model Details
|
| 28 |
|
| 29 |
-
- Model type: Not a model — intentionally malformed GGUF payload
|
| 30 |
-
- Primary purpose: Security research (Model File Vulnerability testing)
|
| 31 |
-
- Format: GGUF binary
|
| 32 |
-
- Size: ~64 bytes
|
| 33 |
- Behavior: Triggers std::bad_alloc inside gguf_reader::read() due to attacker-controlled array length expansion.
|
| 34 |
The PoC was minimized via AFL++ afl-tmin, producing a stable deterministic reproducer.
|
| 35 |
|
| 36 |
## Intended Use
|
| 37 |
|
| 38 |
This artifact is intended for:
|
| 39 |
-
- Maintainership debugging
|
| 40 |
-
- MFV vulnerability validation
|
| 41 |
-
- Reproducibility of the heap overflow crash path
|
| 42 |
-
- Security pipeline hardening against malformed GGUF metadata
|
| 43 |
|
| 44 |
## Out-of-Scope / Misuse Warning
|
| 45 |
|
| 46 |
This file must not be:
|
| 47 |
-
- Used for inference
|
| 48 |
-
- Integrated into llama.cpp deployments
|
| 49 |
-
- Loaded in any production or user-facing systems
|
| 50 |
-
- Used outside controlled security testing environments
|
| 51 |
The file is intentionally malformed and triggers abnormal memory allocations and parser failures.
|
| 52 |
|
| 53 |
## Software
|
| 54 |
|
| 55 |
This PoC was generated and validated using the following software stack:
|
| 56 |
-
- Ubuntu 22.04 LTS
|
| 57 |
-
- AFL++ 4.00c / 4.35a
|
| 58 |
-
- GCC 12
|
| 59 |
-
- llama.cpp GGUF loader (specific commit used during harness build)
|
| 60 |
-
- Custom hardened GGUF harness used as reproduction target
|
| 61 |
-
This information supports maintainers in reproducing the issue.
|
| 62 |
|
| 63 |
## Citation
|
| 64 |
|
| 65 |
This repository does not correspond to a research model or paper.
|
| 66 |
It is a malformed artifact for MFV security disclosure.
|
| 67 |
|
| 68 |
-
- BibTeX: Not applicable
|
| 69 |
-
- APA: Not applicable
|
| 70 |
|
| 71 |
## Glossary
|
| 72 |
|
|
@@ -80,14 +79,14 @@ Occurs when attacker-controlled metadata forces the parser to allocate or access
|
|
| 80 |
|
| 81 |
This repository forms part of a Huntr Model File Vulnerability (MFV) disclosure.
|
| 82 |
The payload demonstrates:
|
| 83 |
-
- Memory-safety violations
|
| 84 |
-
- Unbounded allocation paths
|
| 85 |
-
- Malformed metadata handling gaps
|
| 86 |
The artifact is safe to store and inspect but unsafe to load.
|
| 87 |
|
| 88 |
## Model Card Authors
|
| 89 |
|
| 90 |
-
- Author: aTmHnTR (security researcher submitting the MFV)
|
| 91 |
|
| 92 |
## Model Card Contact
|
| 93 |
|
|
|
|
| 22 |
|
| 23 |
## Reproducer File
|
| 24 |
|
| 25 |
+
- poc_array_overflow.gguf — minimized crash-triggering GGUF payload (~64 bytes).
|
| 26 |
|
| 27 |
## Model Details
|
| 28 |
|
| 29 |
+
- Model type: Not a model — intentionally malformed GGUF payload.
|
| 30 |
+
- Primary purpose: Security research (Model File Vulnerability testing).
|
| 31 |
+
- Format: GGUF binary.
|
| 32 |
+
- Size: ~64 bytes.
|
| 33 |
- Behavior: Triggers std::bad_alloc inside gguf_reader::read() due to attacker-controlled array length expansion.
|
| 34 |
The PoC was minimized via AFL++ afl-tmin, producing a stable deterministic reproducer.
|
| 35 |
|
| 36 |
## Intended Use
|
| 37 |
|
| 38 |
This artifact is intended for:
|
| 39 |
+
- Maintainership debugging.
|
| 40 |
+
- MFV vulnerability validation.
|
| 41 |
+
- Reproducibility of the heap overflow crash path.
|
| 42 |
+
- Security pipeline hardening against malformed GGUF metadata.
|
| 43 |
|
| 44 |
## Out-of-Scope / Misuse Warning
|
| 45 |
|
| 46 |
This file must not be:
|
| 47 |
+
- Used for inference.
|
| 48 |
+
- Integrated into llama.cpp deployments.
|
| 49 |
+
- Loaded in any production or user-facing systems.
|
| 50 |
+
- Used outside controlled security testing environments.
|
| 51 |
The file is intentionally malformed and triggers abnormal memory allocations and parser failures.
|
| 52 |
|
| 53 |
## Software
|
| 54 |
|
| 55 |
This PoC was generated and validated using the following software stack:
|
| 56 |
+
- Ubuntu 22.04 LTS.
|
| 57 |
+
- AFL++ 4.00c / 4.35a.
|
| 58 |
+
- GCC 12.
|
| 59 |
+
- llama.cpp GGUF loader (specific commit used during harness build).
|
| 60 |
+
- Custom hardened GGUF harness used as reproduction target.
|
|
|
|
| 61 |
|
| 62 |
## Citation
|
| 63 |
|
| 64 |
This repository does not correspond to a research model or paper.
|
| 65 |
It is a malformed artifact for MFV security disclosure.
|
| 66 |
|
| 67 |
+
- BibTeX: Not applicable.
|
| 68 |
+
- APA: Not applicable.
|
| 69 |
|
| 70 |
## Glossary
|
| 71 |
|
|
|
|
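Review bot: beyond the trailing periods, the one substantive change in this hunk is that old line 61, "This information supports maintainers in reproducing the issue.", is deleted with nothing replacing it (51 lines become 50), and the commit message "Update README.md" does not say the drop is intended; either restore the sentence or note the removal in the commit message. While the Software list is being touched, the item "llama.cpp GGUF loader (specific commit used during harness build)" still names no commit, which defeats the reproducibility the README promises; pin the exact hash, e.g. `- llama.cpp GGUF loader (commit <hash used during harness build>).`, and state the build flags used for the hardened harness if they matter for the crash to reproduce.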
| 79 |
|
| 80 |
This repository forms part of a Huntr Model File Vulnerability (MFV) disclosure.
|
| 81 |
The payload demonstrates:
|
| 82 |
+
- Memory-safety violations.
|
| 83 |
+
- Unbounded allocation paths.
|
| 84 |
+
- Malformed metadata handling gaps.
|
| 85 |
The artifact is safe to store and inspect but unsafe to load.
|
| 86 |
|
| 87 |
## Model Card Authors
|
| 88 |
|
| 89 |
+
- Author: aTmHnTR (security researcher submitting the MFV).
|
| 90 |
|
| 91 |
## Model Card Contact
|
| 92 |
|
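Review bot: the wording added here, "Memory-safety violations." and "Unbounded allocation paths.", together with "Reproducibility of the heap overflow crash path." earlier in the file, is inconsistent with the unchanged Behavior line, which describes an uncaught std::bad_alloc inside gguf_reader::read() caused by attacker-controlled array length expansion; an allocation failure of that kind is a crash and denial-of-service condition, not a heap overflow, and a disclosure README should settle on one characterization (or say explicitly which sanitizer or backtrace evidence shows an out-of-bounds access in addition to the bad_alloc). Consider rewording to `- Unbounded allocation (std::bad_alloc) from attacker-controlled array lengths.` and dropping "heap overflow" unless the harness output supports it.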