Unauthenticated Denial of Service via ast.literal_eval
An unauthenticated Denial of Service (DoS) vulnerability was discovered in the litellm server, affecting version git 26c03c9. The issue arises from the use of ast.literal_eval to parse user input, which can be exploited to crash the server. The vulnerability has not yet been patched.
Available publicly on Nov 28 2024
Threat Overview
The vulnerability stems from the use of the ast.literal_eval function to parse user input, including input from unauthenticated users. This function is documented as unsafe for untrusted input and can be exploited to cause a Denial of Service (DoS). An attacker can send a specially crafted payload to endpoints protected by the user_api_key_auth middleware, causing the server process to crash with a segmentation fault (SIGSEGV).
Attack Scenario
An attacker sends a large payload consisting of repeated `()` characters to an endpoint on the litellm server that uses the user_api_key_auth middleware. The server attempts to parse this payload using ast.literal_eval, leading to excessive memory consumption and ultimately a segmentation fault, crashing the server.
Who is affected
Users running the litellm server version git 26c03c9 are affected by this vulnerability. This includes any deployment where user input is parsed using ast.literal_eval without proper authentication or input validation.
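The mitigation implied by the two sections above is to bound untrusted input before any parser touches it and to stop using ast.literal_eval for it altogether. The following is an added example written for this advisory, not litellm's own code: the unsafe pattern beside a hardened replacement that enforces assumed size and nesting limits with a linear scan and then parses with json.loads.

```python
import ast
import json

# Assumed limits for this example; tune them to the real endpoint's payloads.
MAX_INPUT_BYTES = 4096
MAX_NESTING_DEPTH = 20


class RejectedInput(ValueError):
    """Raised when untrusted input fails the cheap pre-parse checks."""


def parse_unsafely(text: str):
    """The pattern this advisory describes: the Python parser and literal_eval's
    recursive conversion both run on attacker-controlled structure."""
    return ast.literal_eval(text)


def nesting_depth(text: str) -> int:
    """Maximum bracket nesting depth, found by a single non-recursive pass so
    the check itself cannot exhaust the stack. Brackets inside JSON strings
    are counted too, which only makes the check more conservative."""
    depth = max_depth = 0
    for ch in text:
        if ch in "([{":
            depth += 1
            max_depth = max(max_depth, depth)
        elif ch in ")]}":
            depth -= 1
    return max_depth


def parse_untrusted(text: str):
    """Parse a JSON document from an unauthenticated caller with bounded cost.
    Size and nesting are rejected up front; json.loads replaces literal_eval,
    so Python expression syntax such as tuples or calls is never accepted."""
    if len(text.encode("utf-8")) > MAX_INPUT_BYTES:
        raise RejectedInput("input exceeds size limit")
    if nesting_depth(text) > MAX_NESTING_DEPTH:
        raise RejectedInput("input exceeds nesting limit")
    try:
        return json.loads(text)
    except json.JSONDecodeError as exc:
        raise RejectedInput(f"malformed JSON: {exc.msg}") from None


def accepts(text: str) -> bool:
    """True if parse_untrusted would accept the input (used for quick checks)."""
    try:
        parse_untrusted(text)
        return True
    except RejectedInput:
        return False
```

The constructed rejection cases (a 100-level bracket nest, an oversized body, a Python-only literal) stay far below any depth that would stress the parser; the point is that they never reach it.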
Technical Report