CVE-2024-12070

A Denial of Service (DoS) vulnerability exists in the file upload feature of haotian-liu/llava, specifically in Release v1.2.0 (LLaVA-1.6). The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server becomes overwhelmed and unresponsive, leading to unavailability for legitimate users. This issue can be exploited without authentication, making it highly scalable and increasing the risk of exploitation.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://huntr.com/bounties/8adac028-21c5-41ba-b785-b03066c0b2a6	Exploit Third Party Advisory
https://huntr.com/bounties/8adac028-21c5-41ba-b785-b03066c0b2a6	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hliu:large_language_and_vision_assistant:1.2.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-03-20 10:15

Updated : 2025-07-14 17:45

NVD link : CVE-2024-12070

Mitre link : CVE-2024-12070

CVE.ORG link : CVE-2024-12070

JSON object : View

Products Affected

hliu

large_language_and_vision_assistant

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2024-12070", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-20T10:15:27.110", "references": [{"url": "https://huntr.com/bounties/8adac028-21c5-41ba-b785-b03066c0b2a6", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://huntr.com/bounties/8adac028-21c5-41ba-b785-b03066c0b2a6", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "A Denial of Service (DoS) vulnerability exists in the file upload feature of haotian-liu/llava, specifically in Release v1.2.0 (LLaVA-1.6). The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server becomes overwhelmed and unresponsive, leading to unavailability for legitimate users. This issue can be exploited without authentication, making it highly scalable and increasing the risk of exploitation."}, {"lang": "es", "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en la funci\u00f3n de carga de archivos de haotian-liu/llava, concretamente en la versi\u00f3n v1.2.0 (LLaVA-1.6). La vulnerabilidad se debe a la gesti\u00f3n incorrecta de datos de formulario con un nombre de archivo demasiado grande en la solicitud de carga de archivos. Al enviar un payload con un nombre de archivo excesivamente grande, el servidor se satura y deja de responder, lo que provoca la indisponibilidad para los usuarios leg\u00edtimos. Este problema puede explotarse sin autenticaci\u00f3n, lo que lo hace altamente escalable y aumenta el riesgo de explotaci\u00f3n."}], "lastModified": "2025-07-14T17:45:20.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hliu:large_language_and_vision_assistant:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16359AF7-BEEE-464E-9B76-3D47F6635EE8"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}