Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

LibreChat Denial-of-Service Vulnerability via Unbounded Parameters in Memories API Endpoint

Vulnerability

A denial-of-service vulnerability has been identified in LibreChat version 0.7.9. The issue arises in the '/api/memories' endpoint, where the 'key' and 'value' parameters can accept excessively large inputs without proper validation. This lack of input control leads to a null pointer error in the Rust-based backend when large values are submitted, causing the memory creation feature to fail. As a result, users are unable to create new memories until the server is manually restarted, disrupting the overall stability of the service.
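The root cause described above is the absence of a length bound on the 'key' and 'value' fields before they reach the backend. The following is an added example of the kind of bounded validation a memories-style create endpoint should apply; it is illustrative code written for this page, not LibreChat's own implementation, and the limits (128/4096 characters), the in-memory store and the plain `{ status, body }` handler shape are assumptions.

```javascript
// Added example (not LibreChat's code): bounded validation for a
// memory-create request. Limits and handler shape are assumptions.

const MEMORY_LIMITS = Object.freeze({
  maxKeyLength: 128,    // assumed cap for 'key' (UTF-16 code units)
  maxValueLength: 4096, // assumed cap for 'value'
});

// Validate the JSON body of a memory-create request.
// Returns { ok: true, memory } or { ok: false, status, error }.
function validateMemoryBody(body, limits = MEMORY_LIMITS) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { ok: false, status: 400, error: 'body must be a JSON object' };
  }
  const { key, value } = body;
  // Type check first: a non-string (e.g. a huge nested object) must never
  // reach the storage layer.
  if (typeof key !== 'string' || typeof value !== 'string') {
    return { ok: false, status: 400, error: 'key and value must be strings' };
  }
  const trimmedKey = key.trim();
  if (trimmedKey.length === 0) {
    return { ok: false, status: 400, error: 'key must not be empty' };
  }
  // Length caps are enforced before any other processing; 413 signals
  // "too large" rather than a generic bad request.
  if (trimmedKey.length > limits.maxKeyLength) {
    return { ok: false, status: 413, error: `key exceeds ${limits.maxKeyLength} characters` };
  }
  if (value.length > limits.maxValueLength) {
    return { ok: false, status: 413, error: `value exceeds ${limits.maxValueLength} characters` };
  }
  return { ok: true, memory: { key: trimmedKey, value } };
}

// Handler factory with an in-memory Map standing in for the real store.
// It returns a plain { status, body } object so it can be exercised
// without a web framework.
function createMemoryHandler(store = new Map(), limits = MEMORY_LIMITS) {
  return function handleCreateMemory(body) {
    const result = validateMemoryBody(body, limits);
    if (!result.ok) {
      // Rejected here, so no downstream component ever sees the input.
      return { status: result.status, body: { error: result.error } };
    }
    store.set(result.memory.key, result.memory.value);
    return { status: 201, body: { key: result.memory.key } };
  };
}

// Constructed inputs: a normal request and an oversized one.
const demoHandler = createMemoryHandler();
console.log(demoHandler({ key: 'favorite_color', value: 'blue' }));
console.log(demoHandler({ key: 'k'.repeat(10000), value: 'v' }));
```

Field-level checks like these complement, rather than replace, a cap on the whole request body at the parser layer (Express's JSON body parser, for instance, accepts a `limit` option), so that a multi-megabyte payload is rejected before the route handler runs at all.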

Impact

Exploitation of this vulnerability causes a null pointer error in the backend, leading to a failure in the memory creation feature. This disruption requires a manual server restart to resolve, causing a denial-of-service condition for users trying to use this feature.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/api/memories' endpoint with 'key' and 'value' parameters that contain unbounded, excessively large inputs. When the server processes these large values, it responds with a null pointer error, indicating that the service has crashed. This can be automated with a script that includes a valid authentication token and targets the vulnerable endpoint with the oversized payloads.
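From the operator's side, the request pattern described above is visible in access logs as POST requests to '/api/memories' carrying an unusually large body, typically followed by a 5xx response once the backend has failed. The following is an added detection example, not part of this advisory or of LibreChat: it assumes a structured JSON access log with `method`, `path`, `status`, `client` and `requestBytes` fields (a constructed format, not LibreChat's actual log output) and an assumed 16 KiB body threshold, and flags oversized or failing requests to the endpoint, counting them per client.

```javascript
// Added example (not LibreChat's code): flag oversized or failing POSTs to
// the memories endpoint in structured access logs. The log format and the
// threshold are assumptions made for this example.

// Constructed sample log lines (JSON per line), including one malformed line.
const SAMPLE_LOG = [
  '{"ts":"2025-10-30T23:58:01Z","client":"203.0.113.10","method":"POST","path":"/api/memories","status":201,"requestBytes":220}',
  '{"ts":"2025-10-30T23:58:09Z","client":"203.0.113.77","method":"POST","path":"/api/memories","status":500,"requestBytes":2097152}',
  '{"ts":"2025-10-30T23:58:10Z","client":"203.0.113.77","method":"POST","path":"/api/memories","status":500,"requestBytes":2097152}',
  '{"ts":"2025-10-30T23:58:12Z","client":"203.0.113.10","method":"GET","path":"/api/memories","status":200,"requestBytes":0}',
  '{"ts":"2025-10-30T23:58:15Z","client":"203.0.113.10","method":"POST","path":"/api/messages","status":200,"requestBytes":4096}',
  '{"ts":"2025-10-30T23:58:20Z","client":"203.0.113.42","method":"POST","path":"/api/memories","status":500,"requestBytes":300}',
  'not json at all',
];

// Parse one log line; malformed lines are skipped rather than aborting the scan.
function parseLogLine(line) {
  try {
    const rec = JSON.parse(line);
    return rec && typeof rec === 'object' ? rec : null;
  } catch {
    return null;
  }
}

// Scan log lines for POSTs to the memories endpoint that are either
// oversized or answered with a 5xx. A 5xx on this endpoint matters even
// with a small body, since the advisory notes the feature stays broken
// until the server is restarted.
function findMemoryAbuse(lines, { path = '/api/memories', maxRequestBytes = 16384 } = {}) {
  const findings = [];
  const perClient = {};
  for (const line of lines) {
    const rec = parseLogLine(line);
    if (!rec || rec.method !== 'POST' || rec.path !== path) continue;
    const reasons = [];
    if (Number(rec.requestBytes) > maxRequestBytes) reasons.push('oversized_body');
    if (Number(rec.status) >= 500) reasons.push('server_error');
    if (reasons.length === 0) continue;
    findings.push({ ts: rec.ts, client: rec.client, requestBytes: rec.requestBytes, reasons });
    perClient[rec.client] = (perClient[rec.client] || 0) + 1;
  }
  return { findings, perClient };
}

const demoReport = findMemoryAbuse(SAMPLE_LOG);
for (const f of demoReport.findings) {
  console.log(`${f.ts} ${f.client} ${f.reasons.join(',')} bytes=${f.requestBytes}`);
}
console.log('per client:', demoReport.perClient);
```

The per-client counts are what an alert would key on: a single oversized request may be a client bug, while repeated oversized POSTs followed by 5xx responses from one source is the pattern worth paging on, and the first such 5xx is also the signal to check whether the memory feature now needs the restart the advisory describes.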

Remediation

Users can update to LibreChat version 0.8.0-rc2, where this vulnerability has been fixed. The latest version can be downloaded from the official LibreChat repository on GitHub.

Added: Oct 31, 2025, 12:25 AM
Updated: Oct 31, 2025, 12:25 AM

Vulnerability Rating

Custom Algorithm
spread: 1.4
impact: 1.3
exploitability: 6.6
remediation: 7.7
relevance: 0.9
threat: 8.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.