CVE-2024-11173
CVSS 3.0 Score 6.5 of 10 (medium)
Details
Published Mar 20, 2025
CWE ID 248
Summary
CVE-2024-11173 is an unhandled exception vulnerability in LibreChat (the danny-avila/librechat repository), specifically in version git 600d217. Malformed input sent to certain API endpoints raises uncaught exceptions that crash the server, resulting in a full denial of service. The issue can be exploited even without authentication because LibreChat supports open registration: an attacker can create an account and then execute the attack, which makes this a significant security concern. The vulnerability has been addressed in version 0.7.6.