Vercel AI SDK Unbounded Response Handling Leads to Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the Vercel AI SDK, specifically in the '@ai-sdk/provider-utils' package, in all versions prior to 3.0.97. The issue lies in the response handling functions 'createJsonResponseHandler' and 'createJsonErrorResponseHandler' in 'packages/provider-utils/src/response-handler.ts'. These functions buffer the full text or JSON payload returned by a backend AI provider without enforcing any response size limit. As a result, a malicious provider can stream a response that never ends, causing the Node.js application to exhaust its memory and crash. The vulnerability is exploitable remotely and results in a high-impact denial of service for all active sessions on the affected server.

Impact

Exploitation of this vulnerability causes the Node.js process to run out of memory and crash, terminating the process and disrupting service for all active sessions. A remote attacker who controls the response from an AI provider or MCP server can trigger this denial-of-service condition with little effort.

Reproduction

The vulnerability can be reproduced by setting up a malicious server that streams an infinite response without a 'Content-Length' header. This response can be sent to a Node.js application using the Vercel AI SDK, which will then crash due to memory exhaustion.
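As an added example that is not the SDK's own code, the following bounded response reader shows the check the advisory says 'createJsonResponseHandler' and 'createJsonErrorResponseHandler' omit: the body is consumed in chunks and the stream is cancelled as soon as a byte cap is exceeded, so a never-ending body cannot accumulate in memory. The function names, the 1 MiB default cap, and the constructed sample responses are assumptions of this example, and the actual fix shipped in 3.0.97 may differ.

```javascript
// Added example, not code from the Vercel AI SDK: a response reader that enforces
// a byte cap while consuming the body, the check the advisory says the JSON handlers
// lack. readBoundedText/readBoundedJson/ResponseTooLargeError/DEFAULT_MAX_BYTES are
// names assumed for this example. Needs Node 18+ (global Response, ReadableStream).
const DEFAULT_MAX_BYTES = 1024 * 1024; // 1 MiB; assumed default, tune per provider
class ResponseTooLargeError extends Error {
  constructor(limit) {
    super(`response body exceeded ${limit} bytes`);
    this.name = 'ResponseTooLargeError';
  }
}
// Consumes the body chunk by chunk and cancels the stream as soon as the running
// byte count passes the cap, so an endless body never piles up in memory.
async function readBoundedText(response, maxBytes = DEFAULT_MAX_BYTES) {
  // A declared Content-Length above the cap is rejected before any read; a missing
  // header is not trusted, the per-chunk check below still applies.
  const declared = Number(response.headers.get('content-length'));
  if (Number.isFinite(declared) && declared > maxBytes) {
    throw new ResponseTooLargeError(maxBytes);
  }
  const reader = response.body.getReader();
  const decoder = new TextDecoder();
  let text = '';
  let received = 0;
  for (;;) {
    const { done, value } = await reader.read();
    if (done) break;
    received += value.byteLength;
    if (received > maxBytes) {
      await reader.cancel(); // tears down the connection to the provider
      throw new ResponseTooLargeError(maxBytes);
    }
    text += decoder.decode(value, { stream: true });
  }
  return text + decoder.decode();
}
async function readBoundedJson(response, maxBytes = DEFAULT_MAX_BYTES) {
  return JSON.parse(await readBoundedText(response, maxBytes));
}
// Constructed inputs for a local run: a well-formed reply, and a body whose source
// keeps enqueuing the same chunk so it never reaches end-of-stream.
function finiteResponse(json) {
  return new Response(JSON.stringify(json));
}
function endlessResponse(chunkText = '{"text":"x"}') {
  const chunk = new TextEncoder().encode(chunkText);
  return new Response(new ReadableStream({ pull(c) { c.enqueue(chunk); } }));
}
```

Wiring 'readBoundedJson' in place of an unbounded 'response.text()' or 'response.json()' call turns the memory exhaustion into a caught error for that one request, which the caller can log and surface as a provider failure.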

Added: May 17, 2026, 11:19 PM
Updated: May 17, 2026, 11:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.0
remediation: 0.0
relevance: 8.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.