CVE-2024-10650: ChuanhuChatGPT: DoS via multipart payload exhaustion
Severity: Unknown | PoC: Available | CISA SSVC: Track
ChuanhuChatGPT remains vulnerable to DoS despite a prior patch (CVE-2024-7807) — attackers can craft multipart requests with specific 10-char-per-line patterns to exhaust server processing with minimal bandwidth. Update immediately to the latest version and add WAF-level rate limiting on multipart requests. Low risk for most enterprises, but critical if this tool is exposed as a self-hosted ChatGPT interface to internal or external users.
Risk Assessment
Moderate availability risk. The patch bypass of CVE-2024-7807 signals incomplete remediation — a pattern that typically attracts follow-on exploitation attempts. Authentication reduces but does not eliminate exposure (low-privilege suffices). Impact is limited to availability with no RCE or data exfiltration vector identified. Risk is elevated for teams using this as a production-facing LLM interface or for AI operations teams depending on continuous availability.
Affected Systems
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| chuanhuchatgpt | pip | — | No patch |
Recommended Action
Five steps:
1. Upgrade ChuanhuChatGPT beyond version 20240918 immediately.
2. Add WAF/proxy rules to enforce maximum multipart part count and line length limits.
3. Configure request size limits and connection timeouts at the reverse proxy (nginx/Caddy) layer.
4. Enable authentication if not already active — reduces attack surface from unauthenticated to low-privilege.
5. Monitor access logs for anomalous multipart request volumes or unusual boundary patterns as a detection signal.
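As an added example (not from the advisory or the ChuanhuChatGPT project), the detection signal from the last step applied to constructed access-log lines: it assumes an nginx log_format that appends $request_time, $request_length and $content_type to the combined format, and flags clients whose multipart POSTs repeatedly cost many server seconds per KiB received, the low-bandwidth, high-processing shape this CVE describes.

```python
import re
from collections import defaultdict

# Constructed sample lines (not real traffic) in an assumed nginx log_format that
# appends $request_time, $request_length and $content_type to the combined format.
SAMPLE_LOG = """\
203.0.113.7 - - [18/Sep/2024:10:00:01 +0000] "POST /upload HTTP/1.1" 200 512 0.012 2048 "multipart/form-data; boundary=abc"
198.51.100.9 - - [18/Sep/2024:10:00:02 +0000] "POST /upload HTTP/1.1" 200 512 9.850 4096 "multipart/form-data; boundary=----x"
198.51.100.9 - - [18/Sep/2024:10:00:03 +0000] "POST /upload HTTP/1.1" 200 512 11.200 4100 "multipart/form-data; boundary=----x"
198.51.100.9 - - [18/Sep/2024:10:00:04 +0000] "POST /upload HTTP/1.1" 200 512 10.700 4090 "multipart/form-data; boundary=----x"
203.0.113.7 - - [18/Sep/2024:10:00:05 +0000] "GET / HTTP/1.1" 200 1024 0.002 300 "-"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) (?P<rtime>[\d.]+) (?P<rlen>\d+) "(?P<ctype>[^"]*)"$'
)

def multipart_stats(log_text):
    """Per client IP: number of multipart POSTs, server seconds spent, request bytes."""
    stats = defaultdict(lambda: {"count": 0, "seconds": 0.0, "bytes": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if not m["ctype"].lower().startswith("multipart/form-data"):
            continue
        s = stats[m["ip"]]
        s["count"] += 1
        s["seconds"] += float(m["rtime"])   # $request_time: wall time incl. processing
        s["bytes"] += int(m["rlen"])        # $request_length: headers + body received
    return dict(stats)

def flag_slow_multipart(log_text, min_requests=3, max_seconds_per_kib=0.5):
    """Flag clients whose multipart POSTs are repeated and expensive: many server
    seconds per KiB received, i.e. small uploads that keep the worker busy."""
    flagged = {}
    for ip, s in multipart_stats(log_text).items():
        per_kib = s["seconds"] / max(s["bytes"], 1) * 1024
        if s["count"] >= min_requests and per_kib > max_seconds_per_kib:
            flagged[ip] = round(per_kib, 3)
    return flagged

if __name__ == "__main__":
    for ip, cost in flag_slow_multipart(SAMPLE_LOG).items():
        print(f"suspicious multipart client {ip}: {cost} s per KiB received")
```

Thresholds are starting points; tune min_requests and max_seconds_per_kib against a baseline of legitimate uploads before alerting on them.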
CISA SSVC Assessment
Decision: Track. Source: CISA Vulnrichment (SSVC v2.0), based on the CISA Coordinator decision tree.
Frequently Asked Questions
What is CVE-2024-10650?
ChuanhuChatGPT remains vulnerable to DoS despite a prior patch (CVE-2024-7807) — attackers can craft multipart requests with specific 10-char-per-line patterns to exhaust server processing with minimal bandwidth. Update immediately to the latest version and add WAF-level rate limiting on multipart requests. Low risk for most enterprises, but critical if this tool is exposed as a self-hosted ChatGPT interface to internal or external users.
Is CVE-2024-10650 actively exploited?
Proof-of-concept exploit code is publicly available for CVE-2024-10650, increasing the risk of exploitation.
How to fix CVE-2024-10650?
1. Upgrade ChuanhuChatGPT beyond version 20240918 immediately.
2. Add WAF/proxy rules to enforce maximum multipart part count and line length limits.
3. Configure request size limits and connection timeouts at the reverse proxy (nginx/Caddy) layer.
4. Enable authentication if not already active — reduces attack surface from unauthenticated to low-privilege.
5. Monitor access logs for anomalous multipart request volumes or unusual boundary patterns as a detection signal.
What systems are affected by CVE-2024-10650?
This vulnerability affects the following AI/ML architecture patterns: ml_ui, model serving.
What is the CVSS score for CVE-2024-10650?
No CVSS score has been assigned yet.
Technical Details
NVD Description
An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807, the issue can still be exploited by sending data in groups with 10 characters in a line, with multiple lines. This can cause the system to continuously process these characters, resulting in prolonged unavailability of the service. The exploitation now requires low privilege if authentication is enabled due to a version upgrade in Gradio.
Exploitation Scenario
An adversary sends crafted HTTP multipart POST requests to the ChuanhuChatGPT endpoint, structuring the multipart body with boundaries split into groups of exactly 10 characters per line across many lines. The server iterates character-by-character over this crafted structure, consuming CPU in a tight processing loop. A single attacker with low bandwidth can sustain the condition indefinitely, keeping the service unavailable for legitimate users without triggering volumetric DoS detection thresholds.
References
- huntr.com/bounties/f820371d-a878-44bf-b1fd-2d837dd58eb4 (Exploit, 3rd Party)
Related Vulnerabilities
- CVE-2024-3234 (9.8) ChuanhuChatGPT: path traversal exposes LLM API keys (same package: chuanhuchatgpt)
- CVE-2023-34094 (5.3) ChuanhuChatGPT: config exposure leaks API keys (same package: chuanhuchatgpt)
- CVE-2024-10707 ChuanhuChatGPT: path traversal exposes server files unauthed (same package: chuanhuchatgpt)
- CVE-2026-33660 (10.0) TensorFlow: type confusion NPD in tensor conversion (same attack type: DoS)
- CVE-2023-25668 (9.8) TensorFlow: unauthenticated RCE via heap buffer overflow (same attack type: DoS)