BerriAI litellm Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in BerriAI's litellm, specifically in commit 26c03c9. This vulnerability allows unauthenticated users to crash the litellm Python server by exploiting the unsafe use of ast.literal_eval for parsing user input. The issue arises because ast.literal_eval is applied to unvalidated input, so a crafted payload can overwhelm the parser, producing a segmentation fault that crashes the server.

Impact

Exploitation of this vulnerability allows for a denial-of-service condition, where the litellm server crashes and becomes unavailable.

Reproduction

To reproduce this vulnerability, send a payload consisting of one million parentheses to any endpoint that requires user API key authentication. The server will process the request, but the payload will cause the server to crash with a segmentation fault.

Remediation

Users can update to litellm version 1.53.1 or later, where this vulnerability has been fixed.
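As an added example (not litellm's code, and not the fix shipped in 1.53.1), one way to bound what reaches ast.literal_eval: reject oversized or deeply nested input before the parser ever sees it. The limits MAX_INPUT_LEN and MAX_NESTING_DEPTH are assumed values, not values from the project.

```python
import ast
from typing import Any

# Added example, not litellm's code. ast.literal_eval recurses once per
# nesting level, so unbounded nesting in a request field is the failure
# mode the advisory describes. Bound length and depth before parsing.
MAX_INPUT_LEN = 4096      # assumed limit; size it to the real field
MAX_NESTING_DEPTH = 20    # assumed limit; far below the C stack's capacity

OPENERS = "([{"
CLOSERS = ")]}"


def nesting_depth(text: str) -> int:
    """Maximum bracket nesting depth, ignoring brackets inside string literals."""
    depth = max_depth = 0
    quote = None          # active string delimiter, if inside a literal
    escaped = False
    for ch in text:
        if quote:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == quote:
                quote = None
            continue
        if ch in ("'", '"'):
            quote = ch
        elif ch in OPENERS:
            depth += 1
            max_depth = max(max_depth, depth)
        elif ch in CLOSERS:
            depth -= 1    # unbalanced input is left for literal_eval to reject
    return max_depth


def safe_literal_eval(text: str, max_len: int = MAX_INPUT_LEN,
                      max_depth: int = MAX_NESTING_DEPTH) -> Any:
    """Parse a Python literal from untrusted text, refusing oversized or deeply nested input."""
    if len(text) > max_len:
        raise ValueError(f"input exceeds {max_len} characters")
    if nesting_depth(text) > max_depth:
        raise ValueError(f"input nesting exceeds {max_depth} levels")
    return ast.literal_eval(text)


def is_rejected(text: str) -> bool:
    """True if the guarded parser refuses the input with ValueError."""
    try:
        safe_literal_eval(text)
    except ValueError:
        return True
    return False
```

The depth scan is linear in the input, so the check itself cannot be turned into the same resource-exhaustion problem it guards against.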

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM