LibreChat Unhandled Exception Leading to Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in LibreChat version 3c94ff2. The issue arises from an unhandled exception in the 'fs' module during file upload processing, which can cause the server to crash. An unauthenticated user can exploit this vulnerability by sending a specially crafted request that triggers the exception, leading to a server outage.

Impact

Exploitation of this vulnerability causes the server to crash, interrupting service availability.

Reproduction

The vulnerability can be reproduced by sending a multipart form-data file upload request whose filename contains a null byte. When the server passes that filename to the 'fs' module, the call throws an exception that is never caught, and the process crashes.

Remediation

Users can update to LibreChat version 0.7.6 or later, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.4
impact: 2.5
exploitability: 9.1
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.