Meta Llama LLM security flaw could let hackers easily breach systems and spread malware
techradar.com
- Security researchers find way to abuse Meta's Llama LLM for remote code execution
- Meta addressed the problem in early October 2024
- The problem was using pickle as a serialization format for socket communication
Meta's Llama Large Language Model (LLM) had a vulnerability which could have allowed threat actors to execute arbitrary code on the flawed server, experts have warned.
Cybersecurity researchers from Oligo Security published an in-depth analysis about a bug tracked as CVE-2024-50050, which according to the National Vulnerability Database (NVD), carries a severity score of 6.3 (medium).
The bug was discovered in a component called Llama Stack, designed to optimize the deployment, scaling, and integration of large language models.
Meta issues a fix
Oligo described the affected version as “vulnerable to deserialization of untrusted data, meaning that an attacker can execute arbitrary code by sending malicious data that is deserialized."
NVD ...
Copyright of this story solely belongs to techradar.com . To see the full text click HERE