CVE-2024-11033

A Denial of Service (DoS) vulnerability exists in the file upload feature of binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a payload with an excessively large filename, causing the server to become overwhelmed and unavailable for legitimate users.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://huntr.com/bounties/78afc15c-7db7-42fe-90f5-a0480a2ec222	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:binary-husky:gpt_academic:3.83:*:*:*:*:*:*:*

History

14 Jul 2025, 16:52

Type	Values Removed	Values Added
CPE		cpe:2.3:a:binary-husky:gpt_academic:3.83:::::::*
First Time		Binary-husky Binary-husky gpt Academic
Summary		(es) Existe una vulnerabilidad de denegación de servicio (DoS) en la función de carga de archivos de binary-husky/gpt_academic versión 3.83. Esta vulnerabilidad se debe a la gestión incorrecta de datos de formulario con un nombre de archivo demasiado grande en la solicitud de carga de archivos. Un atacante puede explotar esta vulnerabilidad enviando un payload con un nombre de archivo excesivamente grande, lo que provoca la saturación del servidor y su indisponibilidad para usuarios legítimos.
References	~~() https://huntr.com/bounties/78afc15c-7db7-42fe-90f5-a0480a2ec222 -~~	() https://huntr.com/bounties/78afc15c-7db7-42fe-90f5-a0480a2ec222 - Exploit, Third Party Advisory

20 Mar 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-20 10:15

Updated : 2025-07-14 16:52

NVD link : CVE-2024-11033

Mitre link : CVE-2024-11033

CVE.ORG link : CVE-2024-11033

JSON object : View

Products Affected

binary-husky

gpt_academic

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2024-11033", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-03-20T10:15:22.933", "references": [{"url": "https://huntr.com/bounties/78afc15c-7db7-42fe-90f5-a0480a2ec222", "tags": ["Exploit", "Third Party Advisory"], "source": "security@huntr.dev"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "A Denial of Service (DoS) vulnerability exists in the file upload feature of binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a payload with an excessively large filename, causing the server to become overwhelmed and unavailable for legitimate users."}, {"lang": "es", "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en la funci\u00f3n de carga de archivos de binary-husky/gpt_academic versi\u00f3n 3.83. Esta vulnerabilidad se debe a la gesti\u00f3n incorrecta de datos de formulario con un nombre de archivo demasiado grande en la solicitud de carga de archivos. Un atacante puede explotar esta vulnerabilidad enviando un payload con un nombre de archivo excesivamente grande, lo que provoca la saturaci\u00f3n del servidor y su indisponibilidad para usuarios leg\u00edtimos."}], "lastModified": "2025-07-14T16:52:03.173", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:binary-husky:gpt_academic:3.83:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63F16447-B71B-4EAC-9ABD-EA8B4D131601"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}