Denial of Service Vulnerability in ilab Model Serve Component by Red Hat
CVE-2024-8939

6.2MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux Ai (rhel Ai)
Vendor: CVE Published:; 17 September 2024

Summary

A vulnerability in the ilab model serve component could be exploited by sending a large value to the best_of parameter in its JSON web API, which is responsible for LLM-based sentence or chat completions. This improper handling can lead to unhandled timeouts and resource exhaustion, allowing attackers to overload the system. As a result, the API may become unresponsive, interrupting access for legitimate users and causing significant service disruptions.

References

https://access.redhat.com/security/cve/CVE-2024-8939

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2312782

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 17, 2024

Credit

Red Hat would like to thank Thibault Guittet for reporting this issue.