LibreChat Improper Input Validation Vulnerability in File Upload Handling Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in LibreChat versions up to and including git commit 0c2a583. The file upload route handles multipart/form-data uploads with the multer middleware using its default in-memory storage (`multer.memoryStorage()`), and no `limits.fileSize` is configured. multer's default file-size limit is Infinity, so every uploaded file is buffered in full in process memory regardless of its size. An attacker can therefore send one or more sufficiently large uploads to exhaust the memory available to the Node.js process and crash it, producing a complete denial-of-service condition. The vulnerability can be exploited by an attacker without any privileges.

Impact

Exploitation of this vulnerability crashes the server process, causing a complete denial-of-service condition for all users until the process is restarted; because the upload is buffered in memory before any application-level processing, the crash occurs regardless of what the application would later do with the file.

Reproduction

The vulnerability can be reproduced by submitting, through the application's file upload endpoint, a crafted multipart/form-data request whose file part is larger than the memory the server process can allocate (several concurrent large uploads have the same effect, since each one is buffered in full). The server buffers the file part as it arrives, runs out of memory and crashes. The request body itself is unremarkable apart from its size, so a Content-Length far above any legitimate upload is the main observable on the wire.

Remediation

Users are advised to update to LibreChat version 0.7.6 or later, where this vulnerability has been fixed. As defense in depth, and while an upgrade is pending, a maximum request body size enforced at the reverse proxy in front of LibreChat (for example nginx's `client_max_body_size`) prevents oversized uploads from reaching the Node.js process at all; this is general hardening advice and not part of the project's own fix.
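The following is an added example, not LibreChat's code and not the project's actual patch. It shows the mechanism behind both the bug and the fix: a minimal multipart parser that consumes the body chunk by chunk, the way a server sees it on the socket, and counts file bytes as they arrive. With `fileSize` left at Infinity (multer's default) the whole file is buffered in memory; with a cap, the parse aborts with a `LIMIT_FILE_SIZE` error after a few chunks, before the file is buffered, which is what multer's `limits.fileSize` option does. The boundary string, field name, file contents and chunk size are all constructed for the example.

```javascript
'use strict';
// Added example, not LibreChat's or multer's code. Demonstrates streaming
// per-file size enforcement versus unbounded in-memory buffering.

class LimitError extends Error {
  constructor(limit) {
    super(`File too large (limit ${limit} bytes)`);
    this.code = 'LIMIT_FILE_SIZE'; // same error code multer uses
  }
}

// Build a multipart/form-data body with one file field (constructed input).
function buildMultipart(boundary, fieldName, fileName, content) {
  const head =
    `--${boundary}\r\n` +
    `Content-Disposition: form-data; name="${fieldName}"; filename="${fileName}"\r\n` +
    `Content-Type: application/octet-stream\r\n\r\n`;
  const tail = `\r\n--${boundary}--\r\n`;
  return Buffer.concat([Buffer.from(head), content, Buffer.from(tail)]);
}

// Split a body into the chunks a server would receive from the socket.
function chunkify(buf, size) {
  const out = [];
  for (let i = 0; i < buf.length; i += size) out.push(buf.subarray(i, i + size));
  return out;
}

// Parse a single-file multipart body from a sequence of chunks.
// `fileSize` is the per-file cap; Infinity (the default) means no cap, which
// is the vulnerable configuration. Throws LimitError as soon as the running
// byte count would exceed the cap, so the rest of the body is never buffered.
function parseSingleFile(chunks, boundary, { fileSize = Infinity } = {}) {
  const delimiter = Buffer.from(`\r\n--${boundary}`); // ends the file part
  let pending = Buffer.alloc(0); // bytes not yet classified
  let state = 'headers';
  let fileName = null;
  const fileChunks = [];
  let fileBytes = 0;

  const pushData = (buf) => {
    if (buf.length === 0) return;
    if (fileBytes + buf.length > fileSize) throw new LimitError(fileSize);
    fileBytes += buf.length;
    fileChunks.push(buf);
  };

  for (const chunk of chunks) {
    pending = Buffer.concat([pending, chunk]);
    if (state === 'headers') {
      const idx = pending.indexOf('\r\n\r\n');
      if (idx === -1) continue; // part headers not complete yet
      const headers = pending.subarray(0, idx).toString('latin1');
      const m = /filename="([^"]*)"/.exec(headers);
      fileName = m ? m[1] : null;
      pending = pending.subarray(idx + 4);
      state = 'data';
    }
    const end = pending.indexOf(delimiter);
    if (end !== -1) {
      pushData(pending.subarray(0, end));
      return { fileName, data: Buffer.concat(fileChunks), bytesBuffered: fileBytes };
    }
    // Delimiter not seen: hold back enough bytes that a delimiter straddling
    // two chunks is not mistaken for file data; everything before is file data.
    const safe = Math.max(0, pending.length - (delimiter.length - 1));
    pushData(pending.subarray(0, safe));
    pending = pending.subarray(safe);
  }
  throw new Error('Unexpected end of multipart body');
}

// Constructed upload: 64 KiB of 'A' delivered in 4 KiB chunks.
const BOUNDARY = 'X-Example-Boundary-7f3a';
const bigFile = Buffer.alloc(64 * 1024, 0x41);
const body = buildMultipart(BOUNDARY, 'file', 'big.bin', bigFile);

// Vulnerable configuration: no cap, the entire file is held in memory.
function uploadUncapped() {
  return parseSingleFile(chunkify(body, 4096), BOUNDARY);
}

// Hardened configuration: cap at 16 KiB by default; the parse aborts early.
// With real multer the equivalent is (example, not LibreChat's code):
//   multer({ storage: multer.memoryStorage(), limits: { fileSize: 16 * 1024 } })
function uploadCapped(limit = 16 * 1024) {
  try {
    const r = parseSingleFile(chunkify(body, 4096), BOUNDARY, { fileSize: limit });
    return { rejected: false, bytesBuffered: r.bytesBuffered };
  } catch (e) {
    if (e.code !== 'LIMIT_FILE_SIZE') throw e;
    return { rejected: true, code: e.code };
  }
}

console.log('uncapped:', uploadUncapped().bytesBuffered, 'bytes buffered');
console.log('capped:', uploadCapped());
```

The point of the example is that the check runs on the byte count as data streams in; a check applied after the file has been fully buffered (for instance on `req.file.size` in a later handler) would not prevent the memory exhaustion, because the allocation has already happened by then.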

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.4
impact: 2.5
exploitability: 9.1
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.