CVE-2024-8768

Summary

A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.

Affected Software

VendorProductVersion RangeStatus
0 < 0.5.5affected

Weaknesses

  • CWE-617: Reachable Assertion

Workarounds

Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References