CVE-2024-8939

CVSS 3.1 Score 6.2 of 10 (medium)

Details

Published Sep 17, 2024
Updated Sep 20, 2024
CWE ID 400

Summary

CVE-2024-8939 is a vulnerability in the ilab model serve component caused by improper handling of the best_of parameter in the vllm JSON web API, which can lead to a Denial of Service (DoS). It affects products that use this API for large language model-based sentence or chat completion: when a request sets best_of to a high value, the server spends its resources generating that many candidates, exhausting them and becoming unresponsive. To remediate the vulnerability, organizations should implement timeout controls and enforce a maximum value for the best_of parameter so that a single request cannot consume excessive resources. The vulnerability has a medium severity rating with a base score of 6.2; an attacker could exploit it without privileges or user interaction. Successful exploitation significantly impacts system availability, rendering the service inaccessible to legitimate users.
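The remediation described above, a cap on best_of plus a per-request timeout, as an added example that is not part of this advisory and is not vLLM's or ilab's own code. It assumes a JSON request body with prompt and best_of fields; the limit MAX_BEST_OF, the timeout GENERATION_TIMEOUT_S, the handle_request entry point and the simulated_generate stand-in for the model are all constructed for illustration, with the guard run before any generation work starts so an oversized value never reaches the sampler.

```python
import json
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FutureTimeout

MAX_BEST_OF = 4              # assumed policy cap; tune to the deployment's capacity
GENERATION_TIMEOUT_S = 1.0   # assumed wall-clock budget per request


class RequestRejected(ValueError):
    """Raised when a request fails validation before any generation work starts."""


def validate_best_of(body, max_best_of=MAX_BEST_OF):
    """Return the effective best_of for a parsed request body, or raise RequestRejected.

    An absent field means a single candidate. bool is a subclass of int in Python,
    so it is rejected explicitly rather than being treated as 0 or 1.
    """
    raw = body.get("best_of", 1)
    if isinstance(raw, bool) or not isinstance(raw, int):
        raise RequestRejected("best_of must be an integer")
    if raw < 1:
        raise RequestRejected("best_of must be at least 1")
    if raw > max_best_of:
        raise RequestRejected(f"best_of={raw} exceeds the configured maximum {max_best_of}")
    return raw


def run_with_timeout(fn, timeout_s):
    """Run fn() in a worker thread and stop waiting after timeout_s seconds.

    shutdown(wait=False) is used so the caller is not blocked by a still-running
    worker; the stranded work is bounded by best_of, which was already capped.
    """
    pool = ThreadPoolExecutor(max_workers=1)
    future = pool.submit(fn)
    try:
        return future.result(timeout=timeout_s)
    finally:
        pool.shutdown(wait=False)


def handle_request(raw_json, generate, max_best_of=MAX_BEST_OF,
                   timeout_s=GENERATION_TIMEOUT_S):
    """Validate a completion request, then run generation under a deadline.

    Returns a dict with status "rejected", "timeout" or "ok" so the caller can
    map it to an HTTP response and log the reason.
    """
    try:
        body = json.loads(raw_json)
    except json.JSONDecodeError:
        return {"status": "rejected", "reason": "body is not valid JSON"}
    if not isinstance(body, dict):
        return {"status": "rejected", "reason": "body must be a JSON object"}
    try:
        best_of = validate_best_of(body, max_best_of)
    except RequestRejected as exc:
        return {"status": "rejected", "reason": str(exc)}
    prompt = body.get("prompt", "")
    try:
        result = run_with_timeout(lambda: generate(prompt, best_of), timeout_s)
    except FutureTimeout:
        return {"status": "timeout", "reason": f"generation exceeded {timeout_s}s"}
    return {"status": "ok", "best_of": best_of, "result": result}


def simulated_generate(prompt, best_of, seconds_per_candidate=0.05):
    """Constructed stand-in for the model: cost grows linearly with best_of."""
    time.sleep(seconds_per_candidate * best_of)
    return [f"{prompt} candidate {i}" for i in range(best_of)]


if __name__ == "__main__":
    # Constructed sample requests: one within policy, one oversized.
    print(handle_request('{"prompt": "hello", "best_of": 2}', simulated_generate))
    print(handle_request('{"prompt": "hello", "best_of": 10000}', simulated_generate))
```

The cap is the primary control because it bounds the work a single request can request at all; the timeout is the backstop for the case where even an in-policy best_of takes too long under load, and it converts an unbounded stall into a logged, bounded failure.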
