[ACSC2025]Synchronized Silence Editorial of Operator

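TL;DR This challenge generates an AES key over a public channel through learning synchronization with a Tree Parity Machine (TPM), then hands out an encrypted flag. Reproduce the TPM weights from the log (log.json), derive the key with SHA256, and decrypt enc_flag.txt. A naive single-TPM imitation does not solve it; it can be solved with a population attack, mutation, and selective unit flipping. Challenge structure log.json: the TPM training log. For each step, the input vector (x: 3x100) and the output bit (tau: {-1, +1}) are given. However, a step is recorded only when tau^A = tau^B for Alice and Bob. enc_flag.txt: the flag encrypted with AES-ECB....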

Aug 2025

[CVE-2025-66959]panic DoS via unchecked length in GGUF decoder

Severity Score : 7.5 / 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Summary A remote unauthenticated Denial of Service exists in the GGUF decoder. When creating a model from a crafted GGUF blob, the server panics with panic: runtime error: makeslice: len out of range and terminates. Details (root cause) In fs/ggml/gguf.go::readGGUFString, the code reads 8 bytes as a length and immediately allocates a slice of that length: func readGGUFString(llm *gguf, r io.Reader) (string, error) { if llm....

Jan 2026

[CVE-2025-66960]GGUF v1 string length causes panic in readGGUFV1String

Severity Score : 7.5 / 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Summary A remote unauthenticated Denial-of-Service exists in Ollama’s GGUF decoder. When a crafted GGUF file is uploaded and used during model creation, the server panics and terminates. Key signature panic: bytes.Buffer: truncation out of range stack: readGGUFV1String → readGGUFString → (*gguf).Decode → server.(*Server).Create… This affects the REST path /api/blobs (upload) + /api/create (files map) and brings down the process. Details (root cause) In fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata and later ends up calling bytes....

Jan 2026