CVE-2024-12704

CVSS 3.0 Score 7.5 of 10 (high)

Details

Published Mar 20, 2025
CWE ID 755

Summary

CVE-2024-12704 is a newly disclosed vulnerability affecting the LangChainLLM class in the run-llama/llama_index repository, version v0.12.5. This issue allows an attacker to initiate a Denial of Service (DoS) attack by manipulating the input type in the stream_complete method. If the thread executing the llm function terminates abnormally before _llm.predict is executed, the get_response_gen function enters an infinite loop, consuming system resources and causing the process to continue indefinitely. This vulnerability can be exploited to cause a denial of service condition and should be patched as soon as possible.
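
Added example, not code from llama_index or from this advisory: a simplified Python model of the producer/consumer streaming loop the summary describes, written in the guarded form that checks worker liveness and applies a timeout instead of polling forever. The names fake_llm, run and ProducerDied, the queue-and-event layout, and the timeout values are assumptions for illustration.

```python
import queue
import threading
import time


class ProducerDied(RuntimeError):
    """Worker thread ended without signalling completion."""


def get_response_gen(tokens, done, worker, timeout=5.0, poll=0.01):
    """Yield tokens until `done` is set; raise instead of spinning forever."""
    deadline = time.monotonic() + timeout
    while True:
        try:
            yield tokens.get(timeout=poll)  # short blocking wait, no busy loop
            deadline = time.monotonic() + timeout  # progress resets the clock
            continue
        except queue.Empty:
            pass
        alive = worker.is_alive()  # sample liveness BEFORE checking done
        if done.is_set():  # normal end: drain what is left, then stop
            while not tokens.empty():
                yield tokens.get_nowait()
            return
        if not alive:  # the unguarded loop would keep polling here forever
            raise ProducerDied("worker exited before completing the stream")
        if time.monotonic() > deadline:
            raise TimeoutError("no token received within timeout")


def fake_llm(prompt, tokens):
    """Constructed stand-in for the model call; assumes prompt is a str."""
    for word in prompt.split():  # a non-str prompt raises here
        tokens.put(word)


def run(llm_call, prompt, timeout=5.0):
    """Run llm_call in a worker thread and collect the streamed tokens."""
    tokens, done = queue.Queue(), threading.Event()

    def target():
        llm_call(prompt, tokens)  # an exception kills the thread here...
        done.set()  # ...so this completion signal is never sent

    worker = threading.Thread(target=target, daemon=True)
    worker.start()
    return list(get_response_gen(tokens, done, worker, timeout=timeout))
```

Sampling is_alive() before done.is_set() avoids a false ProducerDied when the worker finishes normally between the two checks.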
