CVE-2024-7771

A vulnerability in the Dockerized version of mintplex-labs/anything-llm (latest, digest 1d9452da2b92) allows for a denial of service. Uploading an audio file with a very low sample rate causes the functionality responsible for transcribing it to crash the entire site instance. The issue arises from the localWhisper implementation, where resampling the audio file from 1 Hz to 16000 Hz quickly exceeds available memory, leading to the Docker instance being killed by the instance manager.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/mintplex-labs/anything-llm/commit/dd017c6cbbf42abdef7861a66558c53b66424d07	Patch
https://huntr.com/bounties/a31a9834-e9c4-4b50-a1ec-ecb69f2a6142	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-03-20 10:15

Updated : 2025-07-15 15:12

NVD link : CVE-2024-7771

Mitre link : CVE-2024-7771

CVE.ORG link : CVE-2024-7771

JSON object : View

Products Affected

mintplexlabs

anythingllm

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2024-7771", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-03-20T10:15:37.257", "references": [{"url": "https://github.com/mintplex-labs/anything-llm/commit/dd017c6cbbf42abdef7861a66558c53b66424d07", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://huntr.com/bounties/a31a9834-e9c4-4b50-a1ec-ecb69f2a6142", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Dockerized version of mintplex-labs/anything-llm (latest, digest 1d9452da2b92) allows for a denial of service. Uploading an audio file with a very low sample rate causes the functionality responsible for transcribing it to crash the entire site instance. The issue arises from the localWhisper implementation, where resampling the audio file from 1 Hz to 16000 Hz quickly exceeds available memory, leading to the Docker instance being killed by the instance manager."}, {"lang": "es", "value": "Una vulnerabilidad en la versi\u00f3n Dockerizada de mintplex-labs/anything-llm (\u00faltima versi\u00f3n, digest 1d9452da2b92) permite una denegaci\u00f3n de servicio. Subir un archivo de audio con una frecuencia de muestreo muy baja provoca que la funci\u00f3n encargada de transcribirlo bloquee toda la instancia del sitio. El problema surge de la implementaci\u00f3n de localWhisper, donde el remuestreo del archivo de audio de 1 Hz a 16 000 Hz excede r\u00e1pidamente la memoria disponible, lo que provoca que el administrador de instancias cierre la instancia de Docker."}], "lastModified": "2025-07-15T15:12:59.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3A39FD4-F125-4AF1-86A0-CA2F8AD2A178", "versionEndExcluding": "1.3.1"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}