Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2024-10907
Analyzed
More InfoOfficial Page
Source-security@huntr.dev
View Known Exploited Vulnerability (KEV) details
Published At-20 Mar, 2025 | 10:15
Updated At-31 Jul, 2025 | 15:37

In lm-sys/fastchat Release v0.2.36, the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary. Each extra character is processed in an infinite loop, leading to excessive resource consumption and a complete denial of service (DoS) for all users. The vulnerability is unauthenticated, meaning no user login or interaction is required for an attacker to exploit this issue.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
lm-sys
lm-sys
>>fastchat>>0.2.36
cpe:2.3:a:lm-sys:fastchat:0.2.36:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-400Primarysecurity@huntr.dev
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://huntr.com/bounties/bf3ca81d-3508-4455-95d9-0b653e46d6e4security@huntr.dev
Exploit
Third Party Advisory
Change History
0Changes found
Details not found