npm - @blamejs/exceptd-skills - Versions diffs - 0.13.83 → 0.13.84 - Mend

@blamejs/exceptd-skills 0.13.83 → 0.13.84

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/CHANGELOG.md +4 -0
package/data/_indexes/_meta.json +9 -9
package/data/_indexes/activity-feed.json +2 -2
package/data/_indexes/catalog-summaries.json +2 -2
package/data/_indexes/chains.json +1368 -0
package/data/atlas-ttps.json +4 -1
package/data/attack-techniques.json +5 -0
package/data/cve-catalog.json +313 -1
package/data/cwe-catalog.json +4 -0
package/data/framework-control-gaps.json +24 -0
package/data/zeroday-lessons.json +150 -0
package/manifest.json +44 -44
package/package.json +2 -2
package/sbom.cdx.json +25 -25

package/data/atlas-ttps.json CHANGED Viewed

@@ -1702,8 +1702,11 @@
     "is_subtechnique": false,
     "cve_refs": [
       "CVE-2023-48022",
+      "CVE-2024-42478",
+      "CVE-2024-42479",
       "CVE-2025-64496",
-      "CVE-2026-0766"
+      "CVE-2026-0766",
+      "CVE-2026-34159"
     ]
   },
   "AML.T0050": {

package/data/attack-techniques.json CHANGED Viewed

@@ -270,6 +270,7 @@
     ],
     "cve_refs": [
       "CVE-2023-48022",
+      "CVE-2024-42479",
       "CVE-2024-50050",
       "CVE-2025-1094",
       "CVE-2025-11837",
@@ -298,6 +299,7 @@
       "CVE-2026-30624",
       "CVE-2026-30625",
       "CVE-2026-32202",
+      "CVE-2026-34159",
       "CVE-2026-39884",
       "CVE-2026-39987",
       "CVE-2026-40933",
@@ -836,6 +838,8 @@
       "CVE-2024-1709",
       "CVE-2024-21762",
       "CVE-2024-37079",
+      "CVE-2024-42478",
+      "CVE-2024-42479",
       "CVE-2024-43468",
       "CVE-2024-50050",
       "CVE-2024-56145",
@@ -985,6 +989,7 @@
       "CVE-2026-32202",
       "CVE-2026-33017",
       "CVE-2026-33634",
+      "CVE-2026-34159",
       "CVE-2026-34197",
       "CVE-2026-34621",
       "CVE-2026-3502",

package/data/cve-catalog.json CHANGED Viewed

@@ -55,7 +55,7 @@
     "ai_discovery_methodology": {
       "field_added": "2026-05-15",
       "agents_md_target": "Hard Rule #7 — '41% of 2025 zero-days were AI-discovered'. Catalog target rate floor: 0.40.",
-      "current_rate": 0.035,
+      "current_rate": 0.034,
       "current_floor_enforced_by_test": 0.03,
       "ladder_to_target": [
         0.03,
@@ -12035,6 +12035,318 @@
     "_intake_method": "manual-verified-curation",
     "_kev_short_description": "Keras safe_mode (added for CVE-2025-1550) is bypassable through 3.10.0: a crafted .keras archive executes code via built-in module arguments even with safe_mode on (CWE-502). The first fix was incomplete."
   },
+  "CVE-2024-42479": {
+    "name": "llama.cpp RPC Backend SET_TENSOR Out-of-Bounds Write RCE",
+    "type": "RCE",
+    "cvss_score": 9.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+    "cvss_note": "NIST CVSS v3.1 base 9.8 (CRITICAL); GitHub scored it 10.0 (Scope:Changed). An unsafe data pointer in the rpc_tensor struct enables a write-what-where primitive (CWE-787/CWE-123).",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Public exploitation research exists (pwner.gg and retr0.blog walkthroughs of llama.cpp RPC RCE): an unauthenticated TCP client to the RPC server sends crafted rpc_tensor messages to read/write arbitrary memory and, chaining the primitives, execute code.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed via llama.cpp (ggml) GitHub security advisories and independent exploitation research. The abused surface is the distributed-inference RPC backend of the most widely used local LLM runtime.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; classic memory-safety in the inference RPC backend, notable for the incomplete first fix.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Advisory / research disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation.",
+    "affected": "llama.cpp prior to build b3561.",
+    "affected_versions": [
+      "llama.cpp < b3561"
+    ],
+    "vector": "llama.cpp's RPC backend deserializes a rpc_tensor whose data pointer is attacker-controlled and unvalidated, so a SET_TENSOR message yields an arbitrary-address write (write-what-where, CWE-123). An unauthenticated attacker with TCP access to the RPC server (default port 50052) achieves remote code execution.",
+    "complexity": "low",
+    "complexity_notes": "NVD AV:N / AC:L / PR:N — unauthenticated TCP access to the RPC server (default port 50052).",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading llama.cpp to build b3561 or later; rebuild/redeploy, no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade llama.cpp to build b3561 or later. Never expose the RPC server (default port 50052) to untrusted networks; it has no authentication. Bind it to localhost or a trusted segment and run least-privilege."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the local-LLM runtime's RPC backend as managed, RCE-bearing software, nor that the first fix left the GRAPH_COMPUTE path unpatched.",
+      "NIST-800-53-SC-7": "Boundary-protection control does not flag the unauthenticated RPC server (port 50052) as a network-exposed execution surface.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the inference RPC backend's tensor deserialization as a memory-safety surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach the inference RPC backend as a privileged, unauthenticated control plane.",
+      "DORA-Art-9": "ICT protection measures do not model an unauthenticated inference-RPC memory-corruption RCE as an ICT-risk event.",
+      "UK-CAF-B4": "System Security objective has no objective for validating deserialized tensor bounds in the inference RPC backend.",
+      "AU-ISM-1546": "Patch-application control does not single out the local-LLM runtime's RPC backend.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats the inference RPC backend's deserialized tensors as untrusted input requiring bounds validation on every command path; per-command patching left GRAPH_COMPUTE exploitable."
+    },
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1059"
+    ],
+    "rwep_score": 29,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 24,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Standard (RWEP 29, \"patch within 30 days\" band per lib/scoring.js timeline). Not KEV, no confirmed in-the-wild exploitation, patched at/after disclosure (Hard Rule #3). poc_available=20 + blast_radius=24 (llama.cpp is the most widely used local LLM runtime) minus patch 15. Note: unauthenticated network reachability of the RPC server raises operational urgency beyond the RWEP number.",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2024-42479",
+    "cwe_refs": [
+      "CWE-787",
+      "CWE-123"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Inbound TCP connections to the llama.cpp RPC server (default port 50052) from untrusted hosts.",
+        "RPC messages carrying rpc_tensor structures with a data pointer or buffer field that does not reference a server-allocated buffer (buffer=0 / out-of-range).",
+        "llama.cpp RPC worker crashes, anomalous memory access, or process spawning following GRAPH_COMPUTE / SET_TENSOR / GET_TENSOR traffic.",
+        "llama.cpp at an affected build (llama.cpp < b3561) with the RPC server reachable from untrusted networks — the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures derived from the ggml/llama.cpp GitHub security advisory (https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-wcr5-566p-9cwj) and the public exploitation research (https://pwner.gg/blog/2024-10-03-llama-cpp-cves ; https://retr0.blog/blog/llama-rpc-rce), plus NVD CVE-2024-42479 (CWE-787/CWE-123). The unvalidated rpc_tensor data pointer / buffer=0 deserialization is the indicator anchor."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2024-42479",
+      "https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-wcr5-566p-9cwj",
+      "https://pwner.gg/blog/2024-10-03-llama-cpp-cves"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory",
+        "advisory_id": "CVE-2024-42479",
+        "url": "https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-wcr5-566p-9cwj",
+        "severity": "critical",
+        "published_date": "2024-08-12"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2024-42479",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42479",
+        "severity": "critical",
+        "published_date": "2024-08-12"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CWE-787/CWE-123; NIST CVSS 9.8) + the ggml/llama.cpp GitHub security advisory + public exploitation research. Member of the llama.cpp RPC-backend memory-safety family; CVE-2026-34159 is the GRAPH_COMPUTE path the b3561 fix for CVE-2024-42478/42479 left unpatched.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "llama.cpp's RPC backend SET_TENSOR uses an unvalidated rpc_tensor data pointer, giving an unauthenticated attacker a write-what-where primitive and RCE; fixed in b3561."
+  },
+  "CVE-2024-42478": {
+    "name": "llama.cpp RPC Backend GET_TENSOR Out-of-Bounds Read",
+    "type": "INFO-DISCLOSURE",
+    "cvss_score": 9.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+    "cvss_note": "NIST CVSS v3.1 base 9.8 (CRITICAL). An unsafe data pointer in the rpc_tensor struct enables arbitrary-address reads (CWE-125), a primitive for pointer leaks / ASLR bypass that chains into the write-what-where RCE.",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Public exploitation research exists (pwner.gg and retr0.blog walkthroughs of llama.cpp RPC RCE): an unauthenticated TCP client to the RPC server sends crafted rpc_tensor messages to read/write arbitrary memory and, chaining the primitives, execute code.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed via llama.cpp (ggml) GitHub security advisories and independent exploitation research. The abused surface is the distributed-inference RPC backend of the most widely used local LLM runtime.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; classic memory-safety in the inference RPC backend, notable for the incomplete first fix.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Advisory / research disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation.",
+    "affected": "llama.cpp prior to build b3561.",
+    "affected_versions": [
+      "llama.cpp < b3561"
+    ],
+    "vector": "llama.cpp's RPC backend deserializes a rpc_tensor whose data pointer is attacker-controlled and unvalidated, so a GET_TENSOR message yields an arbitrary-address read (CWE-125). An unauthenticated attacker with TCP access to the RPC server leaks memory (pointers, ASLR bypass), enabling reliable exploitation of the companion write primitive.",
+    "complexity": "low",
+    "complexity_notes": "NVD AV:N / AC:L / PR:N — unauthenticated TCP access to the RPC server (default port 50052).",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading llama.cpp to build b3561 or later; rebuild/redeploy, no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade llama.cpp to build b3561 or later. Never expose the RPC server (default port 50052) to untrusted networks; it has no authentication. Bind it to localhost or a trusted segment and run least-privilege."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the local-LLM runtime's RPC backend as managed, RCE-bearing software, nor that the first fix left the GRAPH_COMPUTE path unpatched.",
+      "NIST-800-53-SC-7": "Boundary-protection control does not flag the unauthenticated RPC server (port 50052) as a network-exposed execution surface.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the inference RPC backend's tensor deserialization as a memory-safety surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach the inference RPC backend as a privileged, unauthenticated control plane.",
+      "DORA-Art-9": "ICT protection measures do not model an unauthenticated inference-RPC memory-corruption RCE as an ICT-risk event.",
+      "UK-CAF-B4": "System Security objective has no objective for validating deserialized tensor bounds in the inference RPC backend.",
+      "AU-ISM-1546": "Patch-application control does not single out the local-LLM runtime's RPC backend.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats the inference RPC backend's deserialized tensors as untrusted input requiring bounds validation on every command path; per-command patching left GRAPH_COMPUTE exploitable."
+    },
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190"
+    ],
+    "rwep_score": 29,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 24,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Standard (RWEP 29, \"patch within 30 days\" band per lib/scoring.js timeline). Not KEV, no confirmed in-the-wild exploitation, patched at/after disclosure (Hard Rule #3). poc_available=20 + blast_radius=24 (llama.cpp is the most widely used local LLM runtime) minus patch 15. Note: unauthenticated network reachability of the RPC server raises operational urgency beyond the RWEP number.",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2024-42478",
+    "cwe_refs": [
+      "CWE-125"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Inbound TCP connections to the llama.cpp RPC server (default port 50052) from untrusted hosts.",
+        "RPC messages carrying rpc_tensor structures with a data pointer or buffer field that does not reference a server-allocated buffer (buffer=0 / out-of-range).",
+        "llama.cpp RPC worker crashes, anomalous memory access, or process spawning following GRAPH_COMPUTE / SET_TENSOR / GET_TENSOR traffic.",
+        "llama.cpp at an affected build (llama.cpp < b3561) with the RPC server reachable from untrusted networks — the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures derived from the ggml/llama.cpp GitHub security advisory (https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-5vm9-p64x-gqw9) and the public exploitation research (https://pwner.gg/blog/2024-10-03-llama-cpp-cves ; https://retr0.blog/blog/llama-rpc-rce), plus NVD CVE-2024-42478 (CWE-125). The unvalidated rpc_tensor data pointer / buffer=0 deserialization is the indicator anchor."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2024-42478",
+      "https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-5vm9-p64x-gqw9",
+      "https://pwner.gg/blog/2024-10-03-llama-cpp-cves"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory",
+        "advisory_id": "CVE-2024-42478",
+        "url": "https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-5vm9-p64x-gqw9",
+        "severity": "critical",
+        "published_date": "2024-08-12"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2024-42478",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42478",
+        "severity": "critical",
+        "published_date": "2024-08-12"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CWE-125; NIST CVSS 9.8) + the ggml/llama.cpp GitHub security advisory + public exploitation research. Member of the llama.cpp RPC-backend memory-safety family; CVE-2026-34159 is the GRAPH_COMPUTE path the b3561 fix for CVE-2024-42478/42479 left unpatched.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "llama.cpp's RPC backend GET_TENSOR uses an unvalidated rpc_tensor data pointer, giving an unauthenticated attacker an arbitrary-address read (pointer leak / ASLR bypass); fixed in b3561."
+  },
+  "CVE-2026-34159": {
+    "name": "llama.cpp RPC Backend GRAPH_COMPUTE deserialize_tensor Bounds Bypass RCE",
+    "type": "RCE",
+    "cvss_score": 9.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+    "cvss_note": "NVD CVSS v3.1 base 9.8 (CRITICAL). deserialize_tensor() skips all bounds validation when a tensor's buffer field is 0 (CWE-119); the 2024 GET/SET_TENSOR fix (b3561) never covered the GRAPH_COMPUTE command path.",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Public exploitation research exists (pwner.gg and retr0.blog walkthroughs of llama.cpp RPC RCE): an unauthenticated TCP client to the RPC server sends crafted rpc_tensor messages to read/write arbitrary memory and, chaining the primitives, execute code.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed via llama.cpp (ggml) GitHub security advisories and independent exploitation research. The abused surface is the distributed-inference RPC backend of the most widely used local LLM runtime.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; classic memory-safety in the inference RPC backend, notable for the incomplete first fix.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Advisory / research disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation.",
+    "affected": "llama.cpp prior to build b8492 (the GRAPH_COMPUTE path was not covered by the b3561 fix for CVE-2024-42478 / CVE-2024-42479).",
+    "affected_versions": [
+      "llama.cpp < b8492"
+    ],
+    "vector": "llama.cpp's RPC backend deserialize_tensor() skips bounds validation when a tensor's buffer field is 0 (CWE-119). Because the b3561 fix only hardened the GET_TENSOR / SET_TENSOR handlers, a malicious GRAPH_COMPUTE message still reaches the unvalidated path, giving an unauthenticated attacker arbitrary memory read/write, ASLR bypass, and remote code execution.",
+    "complexity": "low",
+    "complexity_notes": "NVD AV:N / AC:L / PR:N — unauthenticated TCP access to the RPC server (default port 50052).",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading llama.cpp to build b8492 or later; rebuild/redeploy, no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade llama.cpp to build b8492 or later. Never expose the RPC server (default port 50052) to untrusted networks; it has no authentication. Bind it to localhost or a trusted segment and run least-privilege."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the local-LLM runtime's RPC backend as managed, RCE-bearing software, nor that the first fix left the GRAPH_COMPUTE path unpatched.",
+      "NIST-800-53-SC-7": "Boundary-protection control does not flag the unauthenticated RPC server (port 50052) as a network-exposed execution surface.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the inference RPC backend's tensor deserialization as a memory-safety surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach the inference RPC backend as a privileged, unauthenticated control plane.",
+      "DORA-Art-9": "ICT protection measures do not model an unauthenticated inference-RPC memory-corruption RCE as an ICT-risk event.",
+      "UK-CAF-B4": "System Security objective has no objective for validating deserialized tensor bounds in the inference RPC backend.",
+      "AU-ISM-1546": "Patch-application control does not single out the local-LLM runtime's RPC backend.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats the inference RPC backend's deserialized tensors as untrusted input requiring bounds validation on every command path; per-command patching left GRAPH_COMPUTE exploitable."
+    },
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1059"
+    ],
+    "rwep_score": 29,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 24,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Standard (RWEP 29, \"patch within 30 days\" band per lib/scoring.js timeline). Not KEV, no confirmed in-the-wild exploitation, patched at/after disclosure (Hard Rule #3). poc_available=20 + blast_radius=24 (llama.cpp is the most widely used local LLM runtime) minus patch 15. Note: unauthenticated network reachability of the RPC server raises operational urgency beyond the RWEP number.",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2026-34159",
+    "cwe_refs": [
+      "CWE-119"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Inbound TCP connections to the llama.cpp RPC server (default port 50052) from untrusted hosts.",
+        "RPC messages carrying rpc_tensor structures with a data pointer or buffer field that does not reference a server-allocated buffer (buffer=0 / out-of-range).",
+        "llama.cpp RPC worker crashes, anomalous memory access, or process spawning following GRAPH_COMPUTE / SET_TENSOR / GET_TENSOR traffic.",
+        "llama.cpp at an affected build (llama.cpp < b8492) with the RPC server reachable from untrusted networks — the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures derived from the ggml/llama.cpp GitHub security advisory (https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-j8rj-fmpv-wcxw) and the public exploitation research (https://pwner.gg/blog/2024-10-03-llama-cpp-cves ; https://retr0.blog/blog/llama-rpc-rce), plus NVD CVE-2026-34159 (CWE-119). The unvalidated rpc_tensor data pointer / buffer=0 deserialization is the indicator anchor."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2026-34159",
+      "https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-j8rj-fmpv-wcxw",
+      "https://pwner.gg/blog/2024-10-03-llama-cpp-cves"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory",
+        "advisory_id": "CVE-2026-34159",
+        "url": "https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-j8rj-fmpv-wcxw",
+        "severity": "critical",
+        "published_date": "2026-04-01"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2026-34159",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34159",
+        "severity": "critical",
+        "published_date": "2026-04-01"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CWE-119; NIST CVSS 9.8) + the ggml/llama.cpp GitHub security advisory + public exploitation research. Member of the llama.cpp RPC-backend memory-safety family; CVE-2026-34159 is the GRAPH_COMPUTE path the b3561 fix for CVE-2024-42478/42479 left unpatched.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "llama.cpp's RPC backend deserialize_tensor() still skips bounds checks via GRAPH_COMPUTE (buffer=0) — the GRAPH_COMPUTE path the b3561 fix missed — giving unauthenticated RCE; fixed in b8492."
+  },
   "CVE-2026-41091": {
     "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
     "type": "LPE",

package/data/cwe-catalog.json CHANGED Viewed

@@ -421,6 +421,7 @@
       "hardening"
     ],
     "evidence_cves": [
+      "CVE-2024-42479",
       "CVE-2026-43284"
     ],
     "framework_controls_partially_addressing": [
@@ -453,6 +454,7 @@
     ],
     "evidence_cves": [
       "CVE-2023-36424",
+      "CVE-2024-42478",
       "CVE-2025-48633",
       "CVE-2025-5419",
       "CVE-2025-5777",
@@ -1589,6 +1591,7 @@
       "CVE-2023-3519",
       "CVE-2024-21762",
       "CVE-2024-37079",
+      "CVE-2024-42479",
       "CVE-2025-14174",
       "CVE-2025-14733",
       "CVE-2025-21042",
@@ -2255,6 +2258,7 @@
       "CVE-2025-6965",
       "CVE-2025-7775",
       "CVE-2026-20700",
+      "CVE-2026-34159",
       "CVE-2026-3910"
     ],
     "last_verified": "2026-05-18",

package/data/framework-control-gaps.json CHANGED Viewed

@@ -36,6 +36,8 @@
     "evidence_cves": [
       "CVE-2023-48022",
       "CVE-2024-0132",
+      "CVE-2024-42478",
+      "CVE-2024-42479",
       "CVE-2024-50050",
       "CVE-2025-1550",
       "CVE-2025-23254",
@@ -57,6 +59,7 @@
       "CVE-2026-30617",
       "CVE-2026-30624",
       "CVE-2026-30625",
+      "CVE-2026-34159",
       "CVE-2026-40933"
     ],
     "atlas_refs": [
@@ -1368,6 +1371,8 @@
       "CVE-2024-27443",
       "CVE-2024-37079",
       "CVE-2024-42009",
+      "CVE-2024-42478",
+      "CVE-2024-42479",
       "CVE-2024-43468",
       "CVE-2024-50050",
       "CVE-2024-54085",
@@ -1565,6 +1570,7 @@
       "CVE-2026-32201",
       "CVE-2026-33017",
       "CVE-2026-33634",
+      "CVE-2026-34159",
       "CVE-2026-34197",
       "CVE-2026-34621",
       "CVE-2026-34926",
@@ -1763,6 +1769,8 @@
     "evidence_cves": [
       "CVE-2023-48022",
       "CVE-2024-0132",
+      "CVE-2024-42478",
+      "CVE-2024-42479",
       "CVE-2024-50050",
       "CVE-2025-10585",
       "CVE-2025-1094",
@@ -1791,6 +1799,7 @@
       "CVE-2026-30624",
       "CVE-2026-30625",
       "CVE-2026-31431",
+      "CVE-2026-34159",
       "CVE-2026-34926",
       "CVE-2026-39884",
       "CVE-2026-40933",
@@ -2126,8 +2135,11 @@
       "CVE-2023-48022",
       "CVE-2024-0132",
       "CVE-2024-40635",
+      "CVE-2024-42478",
+      "CVE-2024-42479",
       "CVE-2025-23266",
       "CVE-2025-53767",
+      "CVE-2026-34159",
       "CVE-2026-42897"
     ],
     "atlas_refs": [
@@ -2351,6 +2363,8 @@
       "CVE-2024-27443",
       "CVE-2024-37079",
       "CVE-2024-42009",
+      "CVE-2024-42478",
+      "CVE-2024-42479",
       "CVE-2024-43468",
       "CVE-2024-50050",
       "CVE-2024-54085",
@@ -2558,6 +2572,7 @@
       "CVE-2026-33017",
       "CVE-2026-33634",
       "CVE-2026-33825",
+      "CVE-2026-34159",
       "CVE-2026-34197",
       "CVE-2026-34621",
       "CVE-2026-34926",
@@ -4821,6 +4836,8 @@
       "CVE-2023-48022",
       "CVE-2024-0132",
       "CVE-2024-21762",
+      "CVE-2024-42478",
+      "CVE-2024-42479",
       "CVE-2024-50050",
       "CVE-2025-1550",
       "CVE-2025-23254",
@@ -4845,6 +4862,7 @@
       "CVE-2026-30617",
       "CVE-2026-30624",
       "CVE-2026-30625",
+      "CVE-2026-34159",
       "CVE-2026-34926",
       "CVE-2026-40933",
       "CVE-2026-41091",
@@ -5341,6 +5359,8 @@
     "evidence_cves": [
       "CVE-2024-0132",
       "CVE-2024-21762",
+      "CVE-2024-42478",
+      "CVE-2024-42479",
       "CVE-2024-50050",
       "CVE-2025-1550",
       "CVE-2025-23254",
@@ -5361,6 +5381,7 @@
       "CVE-2026-30617",
       "CVE-2026-30624",
       "CVE-2026-30625",
+      "CVE-2026-34159",
       "CVE-2026-34926",
       "CVE-2026-40933",
       "CVE-2026-41091",
@@ -5402,6 +5423,8 @@
       "CVE-2023-48022",
       "CVE-2024-0132",
       "CVE-2024-21762",
+      "CVE-2024-42478",
+      "CVE-2024-42479",
       "CVE-2024-50050",
       "CVE-2025-1550",
       "CVE-2025-23254",
@@ -5424,6 +5447,7 @@
       "CVE-2026-30617",
       "CVE-2026-30624",
       "CVE-2026-30625",
+      "CVE-2026-34159",
       "CVE-2026-34926",
       "CVE-2026-40933",
       "CVE-2026-41091",