Timing Attack Vulnerability in mudler/localai Affects Security of Cryptographic Algorithms
CVE-2024-7010

5.9MEDIUM

Key Information:

Vendor: Mudler
Status: Localai
Vendor: CVE Published:; 29 October 2024

What is CVE-2024-7010?

The localai product from mudler is susceptible to a Timing Attack, which is a type of side-channel vulnerability. This exploit enables a malicious actor to glean sensitive information by measuring the time differential in cryptographic algorithm execution. Particularly concerning is the impact on password management—attackers could ascertain valid credentials through variations in server response times. Consequently, this jeopardizes users’ accounts, allowing for potential unauthorized access and compromising overall cybersecurity.

References

https://huntr.com/bounties/e286ed00-6383-47de-b5bc-9b9fad...

https://github.com/mudler/localai/commit/db1159b6511e8fa0...

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 29, 2024

Mudler

What is CVE-2024-7010?

References

CVSS V3.1

Timeline