A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vllm JSON web API can lead to a Denial of Service (DoS). The API used for LLM-based sentence or chat completion accepts a best_of parameter to return the best completion from several options. When this parameter is set to a large value, the API does not handle timeouts or resource exhaustion properly, allowing an attacker to cause a DoS by consuming excessive system resources. This leads to the API becoming unresponsive, preventing legitimate users from accessing the service.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Sep 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 17 Sep 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vllm JSON web API can lead to a Denial of Service (DoS). The API used for LLM-based sentence or chat completion accepts a best_of parameter to return the best completion from several options. When this parameter is set to a large value, the API does not handle timeouts or resource exhaustion properly, allowing an attacker to cause a DoS by consuming excessive system resources. This leads to the API becoming unresponsive, preventing legitimate users from accessing the service. |
Title | vllm: Denials of Service in vllm JSON web API | Vllm: denials of service in vllm json web api |
First Time appeared |
Redhat
Redhat enterprise Linux Ai |
|
CPEs | cpe:/a:redhat:enterprise_linux_ai:1 | |
Vendors & Products |
Redhat
Redhat enterprise Linux Ai |
|
References |
|
Tue, 17 Sep 2024 11:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | |
Title | vllm: Denials of Service in vllm JSON web API | |
Weaknesses | CWE-400 | |
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-09-17T16:21:15.222Z
Updated: 2024-12-24T03:24:38.445Z
Reserved: 2024-09-17T08:06:08.909Z
Link: CVE-2024-8939
Vulnrichment
Updated: 2024-09-17T19:51:17.705Z
NVD
Status : Awaiting Analysis
Published: 2024-09-17T17:15:11.327
Modified: 2024-09-20T12:30:51.220
Link: CVE-2024-8939
Redhat