{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8984", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-09-18T20:50:25.840Z", "datePublished": "2025-03-20T10:09:19.131Z", "dateUpdated": "2025-10-15T12:49:58.738Z"}, "containers": {"cna": {"title": "Denial of Service (DoS) in berriai/litellm", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-10-15T12:49:58.738Z"}, "descriptions": [{"lang": "en", "value": "A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource consumption and rendering the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service."}], "affected": [{"vendor": "berriai", "product": "berriai/litellm", "versions": [{"version": "unspecified", "lessThan": "v1.65.4-stable", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/554fc76b-3097-4223-b4cf-110b853e9355"}, {"url": "https://github.com/berriai/litellm/commit/4f49f836aa844ac9b6bfbeff27e6f6b2b9cf3f61"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "cweId": "CWE-770"}]}], "source": {"advisory": "554fc76b-3097-4223-b4cf-110b853e9355", "discovery": "EXTERNAL"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-20T17:54:05.357409Z", "id": "CVE-2024-8984", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T18:56:31.542Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8984", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-20T17:54:05.357409Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T17:54:07.171Z"}}], "cna": {"title": "Denial of Service (DoS) in berriai/litellm", "source": {"advisory": "554fc76b-3097-4223-b4cf-110b853e9355", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "berriai", "product": "berriai/litellm", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/554fc76b-3097-4223-b4cf-110b853e9355"}], "descriptions": [{"lang": "en", "value": "A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource consumption and rendering the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-03-20T10:09:19.131Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8984", "state": "PUBLISHED", "dateUpdated": "2025-03-20T18:56:31.542Z", "dateReserved": "2024-09-18T20:50:25.840Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2025-03-20T10:09:19.131Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA751173-C195-4141-990E-BF283359EB51", "versionEndExcluding": "1.65.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:litellm:litellm:1.65.4:dev2:*:*:*:*:*:*", "matchCriteriaId": "9FF1A650-6A97-453B-AC95-C05B9864B71C", "vulnerable": true}, {"criteria": "cpe:2.3:a:litellm:litellm:1.65.4:dev6:*:*:*:*:*:*", "matchCriteriaId": "5806D436-A882-4E96-B1F6-281BDD797F0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:litellm:litellm:1.65.4:dev8:*:*:*:*:*:*", "matchCriteriaId": "00216FEB-389B-4841-AA18-FB29D2CA487A", "vulnerable": true}, {"criteria": "cpe:2.3:a:litellm:litellm:1.65.4:nightly:*:*:*:*:*:*", "matchCriteriaId": "809B9B6C-FCDA-4BDB-BB3D-AB94E933F042", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource consumption and rendering the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service."}, {"lang": "es", "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en berriai/litellm versi\u00f3n v1.44.5. Esta vulnerabilidad puede explotarse a\u00f1adiendo caracteres, como guiones (-), al final de un l\u00edmite multiparte en una solicitud HTTP. El servidor procesa continuamente cada car\u00e1cter, lo que provoca un consumo excesivo de recursos y deja el servicio indisponible. El problema no est\u00e1 autenticado y no requiere la interacci\u00f3n del usuario, lo que afecta a todos los usuarios del servicio."}], "id": "CVE-2024-8984", "lastModified": "2025-10-15T13:15:56.553", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2025-03-20T10:15:45.583", "references": [{"source": "security@huntr.dev", "url": "https://github.com/berriai/litellm/commit/4f49f836aa844ac9b6bfbeff27e6f6b2b9cf3f61"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/554fc76b-3097-4223-b4cf-110b853e9355"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "security@huntr.dev", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}