Lucene search
RedhatCVELIST:CVE-2024-8768HistorySep 17, 2024 - 4:20 p.m.
CVE-2024-8768 Vllm: a completions api request with an empty prompt will crash the vllm api server.
2024-09-1716:20:42
CWE-617
redhat
www.cve.org
3
vllm
completions
api
server
denial of service
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0
Percentile
16.3%
A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.
CNA Affected
[
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux AI (RHEL AI)",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rhelai1/bootc-nvidia-rhel9",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:1"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux AI (RHEL AI)",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rhelai1/instructlab-nvidia-rhel9",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:1"
]
}
]Related
vulnrichment
vulnrichment
github
github
vLLM denial of service vulnerability
2024-09-17 18:33:26
nvd
nvd
CVE-2024-8768
2024-09-17 17:15:11
osv
osv
vLLM denial of service vulnerability
2024-09-17 18:33:26
cve
cve
CVE-2024-8768
2024-09-17 17:15:11
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0
Percentile
16.3%
Related for CVELIST:CVE-2024-8768