High

fastchat

DoS via Large Filename in File Upload

A Denial of Service (DoS) vulnerability was discovered in the file upload feature of FastChat version v0.2.36. The vulnerability allows an attacker to overwhelm the server by sending a file with an excessively large filename, leading to unavailability for legitimate users. The issue has not yet been patched.

Available publicly on Jan 07 2025

CVSS: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Credit: mnqazi

Remediation Steps
  1. Implement filename length validation to reject excessively large filenames.
  2. Apply rate limiting to the file upload endpoint to mitigate the impact of such attacks.
  3. Monitor and log unusual activity on the file upload endpoint to detect potential exploitation attempts.
  4. Update the FastChat software to include these mitigations once a patch is released.
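
Steps 1 to 3 combined into one pre-check, as an added example that is not FastChat code or a patch for it: a guard an upload handler can call before it reads or stores the file body. The class name, the client identifier and all three limits are assumptions chosen for illustration.

```python
import logging
import time
from collections import defaultdict, deque

MAX_FILENAME_BYTES = 255   # assumed limit (common filesystem name limit)
MAX_UPLOADS = 5            # assumed: upload attempts per client per window
WINDOW_SECONDS = 60.0      # assumed window length

log = logging.getLogger("upload_guard")


class UploadGuard:
    """Hypothetical pre-check: rate limit, filename length, logging."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._recent = defaultdict(deque)  # client id -> recent attempt times

    def check(self, client_id, filename):
        """Return (allowed, reason). Call before touching the file body."""
        now = self._clock()
        window = self._recent[client_id]
        # Drop attempts that have aged out of the sliding window.
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()
        if len(window) >= MAX_UPLOADS:
            log.warning("upload rate limit hit client=%s", client_id)
            return False, "rate_limited"
        # Count every attempt, so repeated rejected uploads are throttled too.
        window.append(now)

        # Measure encoded bytes, not characters: multi-byte names count fully.
        size = len(filename.encode("utf-8", errors="replace"))
        if size == 0:
            return False, "empty_filename"
        if size > MAX_FILENAME_BYTES:
            # Log the length only, never the oversized name itself.
            log.warning("oversized filename rejected client=%s bytes=%d",
                        client_id, size)
            return False, "filename_too_long"
        return True, "ok"
```

The same byte limit should also be enforced at any reverse proxy in front of the service, so oversized requests are dropped before they reach the application.
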
Patch Details
  • Fixed Version: N/A
  • Patch Commit: N/A