PT-2025-12256 · Unknown · Berriai/Litellm
CVE-2024-8984
·
Published
2025-03-20
·
Updated
2026-07-07
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
berriai/litellm version v1.44.5
Description
A Denial of Service (DoS) vulnerability exists. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource consumption and rendering the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service.
Recommendations
For berriai/litellm version v1.44.5, ensure that input validation is implemented to properly handle multipart boundary strings and prevent the addition of extraneous characters.
Exploit
Fix
DoS
Resource Exhaustion
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Berriai/Litellm