CVE-2024-8768

HIGH

Published September 17, 2024

A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of...

Full analysis pending. Showing NVD description excerpt.

Severity & Risk

CVSS 3.1

7.5 / 10

EPSS

N/A

KEV Status

Not in KEV

Sophistication

N/A

Recommended Action

No patch available

Monitor for updates. Consider compensating controls or temporary mitigations.

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Technical Details

NVD Description

A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.

Weaknesses (CWE)

CWE-617

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

access.redhat.com/security/cve/CVE-2024-8768
bugzilla.redhat.com/show_bug.cgi
github.com/vllm-project/vllm/issues/7632
github.com/vllm-project/vllm/pull/7746

Timeline

Published

September 17, 2024

Last Modified

September 20, 2024

First Seen

September 17, 2024

Back to Threat Feed