CVE-2024-8768

{"id": "CVE-2024-8768", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-09-17T17:15:11.100", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-8768", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311895", "source": "secalert@redhat.com"}, {"url": "https://github.com/vllm-project/vllm/issues/7632", "source": "secalert@redhat.com"}, {"url": "https://github.com/vllm-project/vllm/pull/7746", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-617"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en la librer\u00eda vLLM. Una solicitud de API de finalizaci\u00f3n con un mensaje vac\u00edo bloquear\u00e1 el servidor de API de vLLM, lo que provocar\u00e1 una denegaci\u00f3n de servicio."}], "lastModified": "2024-09-20T12:30:51.220", "sourceIdentifier": "secalert@redhat.com"}