PT-2025-12079 · Unknown · Lm-Sys/Fastchat

Published

2025-03-20

Updated

2025-03-21

CVE-2024-10912

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions lm-sys/fastchat version 0.2.36

Description A Denial of Service (DoS) issue exists in the file upload feature due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with an excessively large filename, causing the server to become overwhelmed and unavailable to legitimate users.

Recommendations For version 0.2.36, consider restricting the size of filenames allowed in the file upload feature to prevent exploitation until a patch is available. As a temporary workaround, limiting the file upload feature's accessibility can also help minimize the risk of exploitation.

Exploit

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2024-10912

GHSA-79RP-V9RM-GXM8

Affected Products

Lm-Sys/Fastchat

PT-2025-12079 · Unknown · Lm-Sys/Fastchat

CVE-2024-10912

Weakness Enumeration

Related Identifiers

Affected Products

References · 7