CVE-2024-10907

In lm-sys/fastchat Release v0.2.36, the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary. Each extra character is processed in an infinite loop, leading to excessive resource consumption and a complete denial of service (DoS) for all users. The vulnerability is unauthenticated, meaning no user login or interaction is required for an attacker to exploit this issue.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://huntr.com/bounties/bf3ca81d-3508-4455-95d9-0b653e46d6e4	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:lm-sys:fastchat:0.2.36:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-03-20 10:15

Updated : 2025-10-15 13:15

NVD link : CVE-2024-10907

Mitre link : CVE-2024-10907

CVE.ORG link : CVE-2024-10907

JSON object : View

Products Affected

lm-sys

fastchat

CWE

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

{"id": "CVE-2024-10907", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-20T10:15:21.357", "references": [{"url": "https://huntr.com/bounties/bf3ca81d-3508-4455-95d9-0b653e46d6e4", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-835"}]}], "descriptions": [{"lang": "en", "value": "In lm-sys/fastchat Release v0.2.36, the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary. Each extra character is processed in an infinite loop, leading to excessive resource consumption and a complete denial of service (DoS) for all users. The vulnerability is unauthenticated, meaning no user login or interaction is required for an attacker to exploit this issue."}, {"lang": "es", "value": "En la versi\u00f3n v0.2.36 de lm-sys/fastchat, el servidor no gestiona el exceso de caracteres a\u00f1adidos al final de los l\u00edmites multiparte. Esta vulnerabilidad puede explotarse enviando solicitudes multiparte malformadas con caracteres arbitrarios al final del l\u00edmite. Cada car\u00e1cter adicional se procesa en un bucle infinito, lo que provoca un consumo excesivo de recursos y una denegaci\u00f3n de servicio (DoS) completa para todos los usuarios. La vulnerabilidad no est\u00e1 autenticada, lo que significa que un atacante no requiere que el usuario inicie sesi\u00f3n ni interact\u00fae con \u00e9l para explotarla."}], "lastModified": "2025-10-15T13:15:37.713", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lm-sys:fastchat:0.2.36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EF59142-7680-44AA-8669-F1F545DCBEDE"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}