Nixpkgs security tracker

Untriaged

Permalink CVE-2024-8768

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 4 months, 2 weeks ago

Vllm: a completions api request with an empty prompt will crash the vllm api server.

A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.

References

https://access.redhat.com/security/cve/CVE-2024-8768 vdb-entryx_refsource_REDHAT
RHBZ#2311895 issue-trackingx_refsource_REDHAT
https://github.com/vllm-project/vllm/issues/7632
https://github.com/vllm-project/vllm/pull/7746

Affected products

vllm

<0.5.5

rhelai1/bootc-nvidia-rhel9

rhelai1/instructlab-nvidia-rhel9

Matching in nixpkgs

pkgs.vllm

High-throughput and memory-efficient inference and serving engine for LLMs

nixos-unstable 0.9.1
- nixpkgs-unstable 0.9.1
- nixos-unstable-small 0.9.1

pkgs.python312Packages.vllm

High-throughput and memory-efficient inference and serving engine for LLMs

nixos-unstable 0.9.1
- nixpkgs-unstable 0.9.1
- nixos-unstable-small 0.9.1

pkgs.python313Packages.vllm

High-throughput and memory-efficient inference and serving engine for LLMs

nixos-unstable 0.9.0.1
- nixpkgs-unstable 0.9.0.1
- nixos-unstable-small 0.9.0.1

Package maintainers

@CertainLach Yaroslav Bolyukin <iam@lach.pw>
@happysalada Raphael Megzari <raphael@megzari.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.vllm

pkgs.python312Packages.vllm

pkgs.python313Packages.vllm

Package maintainers