CVE-2024-8984

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions berriai/litellm version v1.44.5

Description A Denial of Service (DoS) vulnerability exists. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource consumption and rendering the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service.

Recommendations For berriai/litellm version v1.44.5, ensure that input validation is implemented to properly handle multipart boundary strings and prevent the addition of extraneous characters.

Exploit

Fix

DoS

Allocation of Resources Without Limits

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770CWE-400

Related Identifiers

CVE-2024-8984

GHSA-FH2C-86XM-PM2X

Affected Products

Berriai/Litellm

CVE-2024-8984

Weakness Enumeration

Related Identifiers

Affected Products

References · 10