Lucene search

11141 matches found

NVD
added 2025/03/20 10:15 a.m. · 4 views

CVE-2024-10829

A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of eosphoros-ai/db-gpt v0.6.0 allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries, leading...

7.5 CVSS · 0.0067 EPSS
Exploits 2 · References 1

NVD
added 2025/03/20 10:15 a.m. · 8 views

CVE-2024-10821

A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of the Invoke-AI server version v5.0.1 allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries...

7.5 CVSS · 0.00588 EPSS
Exploits 0 · References 1

Cvelist
added 2025/03/20 10:9 a.m. · 9 views

CVE-2024-10829 Denial of Service (DoS) via Multipart Boundary in eosphoros-ai/db-gpt

A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of eosphoros-ai/db-gpt v0.6.0 allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries, leading...

7.5 CVSS · 0.0067 EPSS
Exploits 2 · References 1

Vulnrichment
added 2025/03/20 10:9 a.m. · 6 views

CVE-2024-10829 Denial of Service (DoS) via Multipart Boundary in eosphoros-ai/db-gpt

A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of eosphoros-ai/db-gpt v0.6.0 allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries, leading...

7.5 CVSS · 7.5 AI score · 0.0067 EPSS
Exploits 2 · References 1

Vulnrichment
added 2025/03/20 10:9 a.m. · 8 views

CVE-2024-10821 Denial of Service (DoS) in invoke-ai/invokeai

A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of the Invoke-AI server version v5.0.1 allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries...

7.5 CVSS · 7.5 AI score · 0.00588 EPSS
Exploits 0 · References 1

CVE
added 2025/03/20 10:9 a.m. · 42 views

CVE-2024-10821

CVE-2024-10821 affects the InvokeAI server (version v5.0.1). The vulnerability lies in the multipart request boundary handling, where appending excessive characters to the end of boundaries can cause an infinite loop and exhaust CPU/memory, leading to DoS on the endpoint /api/v1/images/upload. A...

7.5 CVSS · 7.5 AI score · 0.00588 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/03/20 10:9 a.m. · 6 views

CVE-2024-12704 Denial of Service (DoS) in run-llama/llama_index

A vulnerability in the LangChainLLM class of the run-llama/llama_index repository, version v0.12.5, allows for a Denial of Service (DoS) attack. The stream_complete method executes the llm using a thread and retrieves the result via the get_response_gen method of the StreamingGeneratorCallbackHandler...

7.5 CVSS · 7.5 AI score · 0.00761 EPSS
Exploits 1 · References 2

CVE
added 2025/03/20 10:9 a.m. · 58 views

CVE-2024-12704

CVE-2024-12704 affects run-llama/llama_index version v0.12.5, specifically the LangChainLLM class. The vulnerability arises in the streaming path: stream_complete runs the LLM in a thread and returns results via StreamingGeneratorCallbackHandler.get_response_gen. If the thread terminates abnormal...

7.5 CVSS · 6.8 AI score · 0.00761 EPSS
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2025/03/20 10:9 a.m. · 14 views

CVE-2024-12704 Denial of Service (DoS) in run-llama/llama_index

A vulnerability in the LangChainLLM class of the run-llama/llama_index repository, version v0.12.5, allows for a Denial of Service (DoS) attack. The stream_complete method executes the llm using a thread and retrieves the result via the get_response_gen method of the StreamingGeneratorCallbackHandler...

7.5 CVSS · 0.00761 EPSS
Exploits 1 · References 2

Vulnrichment
added 2025/03/20 10:8 a.m. · 7 views

CVE-2024-9340 Denial of Service (DoS) via Multipart Boundary in zenml-io/zenml

A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with arbitrary characters appended to the end of multipart boundaries. This flaw in the multipart request boundar...

7.5 CVSS · 7.6 AI score · 0.00896 EPSS
Exploits 1 · References 2

CNNVD
added 2025/03/20 12:0 a.m. · 4 views

ZenML resource management error vulnerability

ZenML is an extensible open source MLOps framework from ZenML Open Source for creating portable, production-ready machine learning pipelines. A resource management error vulnerability exists in ZenML version 0.66.0, which stems from a flaw in the multipart request boundary handling mechanism that...

7.5 CVSS · 7.3 AI score · 0.00896 EPSS
Exploits 1 · References 2

Positive Technologies
added 2025/03/20 12:0 a.m. · 7 views

PT-2025-12140 · Run Llama · Llama Index

Name of the Vulnerable Software and Affected Versions: run-llama/llama_index version v0.12.5. Description: A vulnerability in the LangChainLLM class allows for a Denial of Service (DoS) attack. The stream_complete method executes the llm using a thread and retrieves the result via the get_response_g...

7.5 CVSS · 7.3 AI score · 0.00761 EPSS
Exploits 1 · References 8

Tenable Nessus
added 2025/03/19 12:0 a.m. · 8 views

RockyLinux 9 : runc (RLSA-2024:9200)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:9200 advisory. golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788). Tenable has extracted the preceding description block directly from the RockyLinux...

5.9 CVSS · 7.4 AI score · 0.01001 EPSS
Exploits 0 · References 3

OSV
added 2025/03/18 5:32 p.m. · 3 views

CLSA-2025-1742319123 java-11-openjdk: Fix of 11 CVEs

Upgrade to openjdk-11.0.26+4. The following CVEs were fixed:
- CVE-2024-21131: potential UTF8 size overflow
- CVE-2024-21138: excessive symbol length can lead to infinite loop
- CVE-2024-21140: range Check Elimination (RCE) pre-loop limit overflow
- CVE-2024-21144: Pack200 increase loading time due...

7.4 CVSS · 6.7 AI score · 0.01257 EPSS
Exploits 0 · References 1

CNVD
added 2025/03/18 12:0 a.m. · 15 views

Linux kernel infinite loop vulnerability (CNVD-2025-05315)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from an infinite loop vulnerability that stems from a namespace disablement that can lead to a crash. The vulnerability can be exploited by an attacker to...

5.5 CVSS · 6.5 AI score · 0.00169 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/03/18 12:0 a.m. · 7 views

PT-2025-35965

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An infinite loop may occur in the exFAT file system due to file system corruption if a cluster chain includes a loop and there are no unused entries in the chain. Specifically, this issu...

6 CVSS · 6.1 AI score · 0.00145 EPSS
Exploits 0

Rockylinux
added 2025/03/17 8:16 p.m. · 6 views

oci-seccomp-bpf-hook security update

An update is available for oci-seccomp-bpf-hook. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. OCI Hook to generate seccomp json files based on EBF syscalls us...

5.9 CVSS · 6.6 AI score · 0.01001 EPSS
Exploits 0

OSV
added 2025/03/17 8:16 p.m. · 11 views

RLSA-2024:9559 Important: libsoup security update

The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: infinite loop while reading websocket data (CVE-2024-52532); libsoup: HTTP request smuggling via stripping null bytes from the ends of header names (CVE-2024-52530). For more details about the security...

7.5 CVSS · 6.9 AI score · 0.00933 EPSS
Exploits 1 · References 3

OSV
added 2025/03/17 8:16 p.m. · 7 views

RLSA-2024:9200 Moderate: runc security update

The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fixes: golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788). For more details about the security issues, including the impact, a CVSS score,...

5.9 CVSS · 6.6 AI score · 0.01001 EPSS
Exploits 0 · References 2

Github Security Blog
added 2025/03/14 5:31 p.m. · 15 views

In Azle, calling `setTimer` causes infinite loop of timers

Impact: Calling setTimer in Azle versions 0.27.0, 0.28.0, and 0.29.0 causes an immediate infinite loop of timers to be executed on the canister, each timer attempting to clean up the global state of the previous timer. The infinite loop will occur with any valid invocation of setTimer. Patches: The...

8.7 CVSS · 6.7 AI score · 0.00349 EPSS
Exploits 0 · References 4 · Affected Software 1