PT-2025-12029 · Llava · Llava

Publicado

2025-03-20

Atualizado

2025-03-22

CVE-2024-10225

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions haotian-liu/llava version 1.2.0

Description A Denial of Service (DoS) issue allows an attacker to cause the server to become inaccessible by appending a large number of characters to the end of a multipart boundary in a file upload request, causing the server to continuously process each character.

Recommendations For haotian-liu/llava version 1.2.0, consider restricting the size of file upload requests or validating the multipart boundary to prevent excessive character appending until a patch is available.

Exploit

Correção

DoS

Allocation of Resources Without Limits

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-770CWE-400

Identificadores relacionados

CVE-2024-10225

Produtos afetados

Llava

PT-2025-12029 · Llava · Llava

CVE-2024-10225

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4