CVE-2024-8984

High CVSS: 7.5

A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource consumption and rendering the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service.

Vendor

Litellm

Product

Litellm

CWE

CWE-770

Yayın Tarihi

2025-03-20 10:15:45

Güncelleme

2025-10-15 13:15:56

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-770 Litellm HIGH Litellm 2025

Referanslar

https://github.com/berriai/litellm/commit/4f49f836aa844ac9b6bfbeff27e6f6b2b9cf3f61 https://huntr.com/bounties/554fc76b-3097-4223-b4cf-110b853e9355

Benzer Kayıtlar

Medium

CVE-2025-45809

SQL Injection vulnerability in BerriAI LiteLLM before 1.81.0 allows attackers to execute arbitrary commands via the key…

High

CVE-2025-0330

In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error oc…

High

CVE-2024-9606

In berriai/litellm before version 1.44.12, the `litellm/litellm_core_utils/litellm_logging.py` file contains a vulnerabi…

High

CVE-2024-6825

BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the hand…