Voyager18 (research)

Llama Drama: How to fix CVE-2024-34359

Critical "Llama Drama" vulnerability (CVE-2024-34359) in Llama-cpp-Python package. Upgrade to version 0.2.72 to secure against RCE risks.

Yair Divinsky | May 22, 2024

Discovered by Patrick Peng retr0reg, the critical vulnerability CVE-2024-34359 has been found in the “llama_cpp_python” Python package.

The discovery of this critical vulnerability, also known as the Llama Drama, was found in the Llama-cpp-Python AI package, posing a significant threat to the software supply chain.

Here’s what you need to know about CVE-2024-34359, its implications, and how organizations can protect themselves against it.


Affected products: 

Llama-cpp-Python package in Hugging Face 

Product category: 

Integrated AI Vulnerability 




Backdoor to achieve Remote Code Execution (RCE) 


Confidentiality (H), Integrity (H), Availability (H) 


Exploit in the wild 

No current evidence 

CISA Catalog 


Remediation action 

Upgrade to version 0.2.72 

MITRE advisory 

Read more 


What is CVE-2024-34359?

CVE-2024-34359 is a critical vulnerability discovered in the Llama-cpp-Python AI package. This package is widely used in various applications for its AI integration capabilities.

The vulnerability allows threat actors to execute arbitrary code remotely, potentially leading to unauthorized access, data breaches, and other malicious activities. 

The Llama Drama flaw originates from a lack of input validation in certain functions of the package, allowing attackers to craft malicious inputs that exploit this weakness. When these inputs are processed by the affected functions, it triggers the execution of unauthorized commands, bypassing intended security measures.

With over 6k AI models on HuggingFace using llama_cpp_python and Jinja2 being vulnerable, the bug allows attackers to execute arbitrary code from the misuse of the Jinja2 template engine. 

This vulnerability underscores the importance of security in AI systems and software supply chain. 


initial discovered by @retr0reg on X (Twitter).


Does CVE-2024-34359 affect me?

If your organization utilizes the Llama-cpp-Python AI package or any software that integrates this package, then CVE-2024-34359 poses a direct risk to your systems. It’s crucial to assess your software stack and identify any dependencies on vulnerable versions of the Llama-cpp-Python package. 

Even if you don’t directly use this package, it’s essential to stay informed as vulnerabilities in widely used components can have cascading effects across the software supply chain. 


Has CVE-2024-34359 been actively exploited in the wild?

As of our latest knowledge, there haven’t been reported instances of CVE-2024-34359 being actively exploited in the wild. However, the critical nature of this vulnerability and its potential impact on the software supply chain highlight the urgency of addressing it promptly. 

As AI technology increasingly integrates into critical applications, it is crucial to prioritize a security-first approach in building and maintaining these systems to protect against potential threats that could compromise the benefits of the technology.

Security researchers and organizations are actively monitoring for any signs of exploitation and working on mitigation strategies to prevent potential attacks. 


How to fix CVE-2024-34359

Mitigating CVE-2024-34359 requires immediate action to secure your systems and protect against potential threats. A fix for the vulnerability has been issued in version 0.2.72. 

 Here are steps you can take to address this vulnerability: 

  • Update Llama-cpp-Python: Ensure that you are using the latest patched version of the Llama-cpp-Python package. Developers of the package have likely released fixes addressing CVE-2024-34359 and other potential vulnerabilities. 
  • Implement Input Validation: Enhance input validation mechanisms in your software to detect and reject malicious inputs that exploit the vulnerability. This can help mitigate the risk of remote code execution. 
  • Monitor for Anomalies: Utilize monitoring tools and techniques to detect any anomalous behavior or suspicious activity that may indicate an attempted exploit of CVE-2024-34359. 


Next steps

Each new vulnerability is a reminder of where we stand and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors: 

  1. 2023 Vulnerability watch reports 
  2. The MITRE ATT&CK framework: Getting started
  3. The true impact of exploitable vulnerabilities for 2024
  4. Multi-cloud security challenges – a best practice guide
  5. How to properly tackle zero-day threats

Free for risk owners

Set up in minutes to aggregate and prioritize cyber risk across all your assets and attack vectors.

“The only free RBVM tool out there The only free RBVM tool lorem ipsum out there. The only”.

Name Namerson
Head of Cyber Security Strategy