CVE-2024-8984

A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource consumption and rendering the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://huntr.com/bounties/554fc76b-3097-4223-b4cf-110b853e9355	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:litellm:litellm::::::::
	cpe:2.3:a:litellm:litellm:1.65.4:dev2::::::
	cpe:2.3:a:litellm:litellm:1.65.4:dev6::::::
	cpe:2.3:a:litellm:litellm:1.65.4:dev8::::::
	cpe:2.3:a:litellm:litellm:1.65.4:nightly::::::

History

15 Jul 2025, 14:59

Type	Values Removed	Values Added
References	~~() https://huntr.com/bounties/554fc76b-3097-4223-b4cf-110b853e9355 -~~	() https://huntr.com/bounties/554fc76b-3097-4223-b4cf-110b853e9355 - Exploit, Third Party Advisory
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:litellm:litellm:1.65.4:dev2:::::: cpe:2.3:a:litellm:litellm:1.65.4:nightly:::::: cpe:2.3:a:litellm:litellm:1.65.4:dev6:::::: cpe:2.3:a:litellm:litellm:::::::: cpe:2.3:a:litellm:litellm:1.65.4:dev8::::::
Summary		(es) Existe una vulnerabilidad de denegación de servicio (DoS) en berriai/litellm versión v1.44.5. Esta vulnerabilidad puede explotarse añadiendo caracteres, como guiones (-), al final de un límite multiparte en una solicitud HTTP. El servidor procesa continuamente cada carácter, lo que provoca un consumo excesivo de recursos y deja el servicio indisponible. El problema no está autenticado y no requiere la interacción del usuario, lo que afecta a todos los usuarios del servicio.
First Time		Litellm Litellm litellm

20 Mar 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-20 10:15

Updated : 2025-07-15 14:59

NVD link : CVE-2024-8984

Mitre link : CVE-2024-8984

CVE.ORG link : CVE-2024-8984

JSON object : View

Products Affected

litellm

litellm

CWE

CWE-400

Uncontrolled Resource Consumption

NVD-CWE-noinfo

7.5 /10