CVE-2024-10829

A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of eosphoros-ai/db-gpt v0.6.0 allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries, leading to an infinite loop and complete denial of service for all users. This vulnerability affects all endpoints processing multipart/form-data requests.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://huntr.com/bounties/e3a4a0ad-a2e0-497f-a2e0-e3c0ec7c4de4	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dbgpt:db-gpt:0.6.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-03-20 10:15

Updated : 2025-10-15 13:15

NVD link : CVE-2024-10829

Mitre link : CVE-2024-10829

CVE.ORG link : CVE-2024-10829

JSON object : View

Products Affected

dbgpt

db-gpt

CWE

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

7.5 /10