SoK: A Systems Perspective on Compound AI Threats and Countermeasures
Categories: cs.CR, cs.AI
Released Date: November 20, 2024
Authors: Sarbartha Banerjee (1), Prateek Sahu (1), Mulong Luo (1), Anjo Vahldiek-Oberwagner (2), Neeraja J. Yadwadkar (1), Mohit Tiwari (3)
Affiliations: (1) The University of Texas at Austin; (2) Intel Labs; (3) Symmetry Systems
Table: Representative CVEs in the software stack of compound AI systems, grouped by layer (rows) and by security impact (columns).

| Layer | Data Confidentiality | Data Integrity | Crash/DoS | Code Execution | Privilege Escalation |
|---|---|---|---|---|---|
| Frameworks | Langchain - SQL Injection, CVE-2023-36189 | ChatGPT - Integrity, CVE-2024-40594 | NLTK - ReDoS, CVE-2021-43854 | Haystack - Arbitrary Code Execution, CVE-2024-41950 | Langchain - SSRF, CVE-2024-3095 |
| | LLama - Out-of-bounds Read, CVE-2024-42478 | LLama - Out-of-bounds Write, CVE-2024-42479 | LLama - Heap Overflow, CVE-2024-42479 | HuggingFace - RCE, CVE-2024-3568 | Langflow - ACL Violation, CVE-2024-7297 |
| | HuggingFace - Access Control, CVE-2023-2800 | Rasa - Directory Traversal, CVE-2021-42556 | Mxnet - Resource Hog, CVE-2022-24294 | LLamaindex - Bug/RCE, CVE-2024-3271 | Ollama - ACL Violation, CVE-2024-28224 |
| Packages | Pytorch - Out-of-bounds Read, CVE-2024-31584 | MLFlow - ACL Violation, CVE-2024-4263 | Snowflake - Arbitrary Input, CVE-2022-42965 | Pytorch - Command Injection, CVE-2022-0845 | Pytorch - API Bug, CVE-2024-5480 |
| | TensorFlow - Use-after-free, CVE-2021-41220 | TensorFlow - Out-of-bounds Write, CVE-2022-41894 | TensorFlow - Floating-point Exception, CVE-2023-27579 | Snowflake - Command Injection, CVE-2023-34230 | Hadoop - ACL Violation, CVE-2023-26031 |
| | Pytorch - Malicious Package, CVE-2022-30877 | Spark - Cleartext Storage, CVE-2019-10099 | Kubernetes - Bug, CVE-2022-3172 | BentoML - RCE, CVE-2024-2912 | Kubernetes - API Bug, CVE-2023-1260 |
| Libraries | OpenCL - Use-after-free, CVE-2023-4969 | Py zlib - Memory Corruption, CVE-2018-25032 | Scipy - Heap Overflow, CVE-2022-48560 | Pyyaml - RCE, CVE-2021-4118 | OneAPI - Library Bug, CVE-2024-21766 |
| | CuDNN - Use-after-free, CVE-2021-37652 | SQLite - Out-of-bounds Write, CVE-2020-35527 | Mlnx OS - IP Filter Config, CVE-2024-0101 | Redis - Integer Overflow, CVE-2023-41056 | Py Urllib - Input Validation, CVE-2023-24329 |
| | Cuda - Out-of-bounds Read, CVE-2023-25513 | vGPU Driver - Out-of-bounds Write, CVE-2023-31035 | Firmware - Config Error, CVE-2023-31035 | vGPU Driver - Out-of-bounds Write, CVE-2023-31035 | Torchserve - Directory Traversal, CVE-2023-48299 |