CVE-2024-10650
Last modified
CVE-2024-10650 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807, the issue can still be exploited by sending data in groups with 10 characters in a line, with multiple lines. EPSS estimates a 0.67% chance of exploitation in the next 30 days.
Description
An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807, the issue can still be exploited by sending data in groups with 10 characters in a line, with multiple lines. This can cause the system to continuously process these characters, resulting in prolonged unavailability of the service. The exploitation now requires low privilege if authentication is enabled due to a version upgrade in Gradio.
Metrics
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gaizhenbiao | Chuanhuchatgpt | 20240918 |
References
- https://huntr.com/bounties/f820371d-a878-44bf-b1fd-2d837dd58eb4Exploit, Third Party Advisory
- https://huntr.com/bounties/f820371d-a878-44bf-b1fd-2d837dd58eb4Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2024-10650?
How severe is CVE-2024-10650?
How do I fix CVE-2024-10650?
Are you affected by CVE-2024-10650?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST