High

chuanhuchatgpt

Denial of Service via Multipart Boundary Manipulation

A Denial of Service (DoS) vulnerability was identified in version 20240628 of ChuanhuChatGPT. The issue arises when an attacker appends a large number of characters to the end of a multipart boundary during file upload, causing the system to become unresponsive. This vulnerability has not yet been patched.

Available publicly on Sep 29 2024

CVSS: 7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Credit: mnqazi

Remediation Steps
  • Implement input validation to limit the length of multipart boundaries.
  • Introduce a timeout mechanism to abort processing if it takes too long.
  • Update the server to handle unexpected input more gracefully.
  • Monitor and log unusual activity to detect and mitigate potential attacks.
  • Apply patches and updates as soon as they are released by the software maintainers.
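
One way to implement the first remediation step, shown as an added example rather than ChuanhuChatGPT's own code: check the `Content-Type` header before any multipart parser reads the request body. The function name, the reason strings and the 256-character header cap are assumptions; the 70-character limit and allowed character set come from RFC 2046.

```python
import re
from email.message import Message

MAX_BOUNDARY_LEN = 70       # RFC 2046 section 5.1.1: boundary is 1 to 70 characters
MAX_CONTENT_TYPE_LEN = 256  # assumed cap on the whole header value

# RFC 2046 "bchars"; a space may appear inside the boundary but not as its last character.
_BOUNDARY_RE = re.compile(r"[0-9A-Za-z'()+_,\-./:=? ]*[0-9A-Za-z'()+_,\-./:=?]")


def check_multipart_boundary(content_type):
    """Return (ok, reason) for a request's Content-Type header value."""
    # Reject oversized headers first so nothing below scans attacker-sized input.
    if len(content_type) > MAX_CONTENT_TYPE_LEN:
        return False, "content-type header too long"
    msg = Message()
    msg["Content-Type"] = content_type
    if msg.get_content_maintype() != "multipart":
        return True, "not multipart"
    boundary = msg.get_param("boundary")
    # get_param returns None when absent and a tuple for RFC 2231 encoded values.
    if not isinstance(boundary, str) or not boundary:
        return False, "missing boundary"
    if len(boundary) > MAX_BOUNDARY_LEN:
        return False, "boundary too long"
    if not _BOUNDARY_RE.fullmatch(boundary):
        return False, "invalid boundary characters"
    return True, "ok"


# Constructed sample headers, not captured traffic.
SAMPLES = [
    "multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW",
    "multipart/form-data; boundary=----x" + "A" * 100000,
    "multipart/form-data; boundary=" + "a" * 71,
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(len(header), check_multipart_boundary(header))
```

A request that fails the check can be answered with a 400 response and logged, which also supports the monitoring step above.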
Patch Details
  • Fixed Version: N/A
  • Patch Commit: N/A