lm-sys FastChat Denial-of-Service Vulnerability via Multipart Boundary Manipulation
Vulnerability
A denial-of-service vulnerability has been identified in lm-sys FastChat version 0.2.36. The issue arises because the server does not properly manage excessive characters added to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters, such as hyphens or spaces, at the end of the boundary. The server processes each extra character in an infinite loop, causing excessive resource consumption and rendering the service unresponsive for all users. This vulnerability can be exploited without authentication or user interaction.
Impact
Exploitation of this vulnerability leads to significant resource exhaustion, causing the server to become unresponsive and unavailable for all users.
Reproduction
The vulnerability can be reproduced by sending a multipart request to the server with an excessive number of characters appended to the end of the multipart boundary. The server will process these extra characters in an infinite loop, leading to a denial-of-service condition.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.