CVE-2024-10912

7.5 HIGH

📋 TL;DR

A Denial of Service (DoS) vulnerability in lm-sys/fastchat version 0.2.36 allows attackers to crash the server by uploading a file with an excessively large filename. This affects users of fastchat's file upload feature, potentially making the service unavailable to legitimate users.

💻 Affected Systems

Products:
  • lm-sys/fastchat
Versions: Version 0.2.36 specifically; check for other versions if similar code exists.
Operating Systems: All, as it's a Python-based application vulnerability.
Default Config Vulnerable: ⚠️ Yes
Notes: Only systems with the file upload feature enabled and accessible are vulnerable; default configurations likely include this feature.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service outage, rendering the fastchat server unavailable to all users until restarted.

🟠 Likely Case

Temporary service disruption or slowdown due to server resource exhaustion from repeated attacks.

🟢 If Mitigated

Minimal impact if file uploads are disabled or filename length is restricted via workarounds.

🌐 Internet-Facing: HIGH, as the vulnerability is exploitable via unauthenticated requests to the file upload endpoint, making internet-facing instances prime targets.
🏢 Internal Only: MEDIUM, as internal attackers could still cause localized service disruptions, but exposure is more limited.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is straightforward by crafting a malicious HTTP request with a large filename in form-data, requiring no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check for updates beyond version 0.2.36; refer to the vendor advisory for specific patched version.

Vendor Advisory: https://huntr.com/bounties/52f335b8-1134-4d0f-acb4-efef516de414

Restart Required: No

Instructions:

1. Update fastchat to the latest patched version via pip: 'pip install --upgrade fschat' (the PyPI distribution is named fschat; the import name is fastchat).
2. Verify the update by checking the version.
3. No restart is typically required for Python applications, but restart the service if issues persist.

🔧 Temporary Workarounds

Restrict filename length in web server configuration

Platform: all

Configure your web server (e.g., Nginx, Apache) to reject requests with overly long filenames before they reach the fastchat application.

For Nginx: add 'client_max_body_size' and limit request headers in config.
For Apache: use 'LimitRequestFieldSize' directive in config.

Note that in a multipart upload the filename travels in the Content-Disposition line of the body part, not in the HTTP request headers, so header-size limits alone do not catch it and a body-size cap bounds it only indirectly; enforcing a precise limit requires a filter (proxy, WAF or application) that inspects the part header itself.

Disable file upload feature

Platform: all

Temporarily disable the vulnerable file upload endpoint if not essential for functionality.

Modify fastchat configuration or code to remove or block the upload route.

🧯 If You Can't Patch

  • Implement rate limiting on the file upload endpoint to reduce impact of repeated attacks.
  • Use a Web Application Firewall (WAF) to block requests with abnormally long filenames.
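One way to enforce the filename-length restriction from the workarounds above, applied where the multipart part header is available (in the application or a proxy-side filter) before the part body is buffered. This is an added example, not fastchat's own code or a patch: the function names, the 255-byte limit and the 413/400 responses are assumptions chosen here.

```python
import re
from typing import Optional, Tuple
from urllib.parse import unquote

# Upper bound on an accepted upload filename, in UTF-8 bytes. The value is an
# assumption for this example (a common filesystem NAME_MAX), not a limit
# taken from fastchat.
MAX_FILENAME_BYTES = 255

# Matches filename="quoted" or filename*=unquoted-token in a Content-Disposition value.
_PARAM_RE = re.compile(
    r'(filename\*?)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^;]*))', re.IGNORECASE
)


def extract_filename(content_disposition: str) -> Optional[str]:
    """Return the filename from a multipart part's Content-Disposition value.

    Handles the plain form (filename="a.txt") and the RFC 5987 form
    (filename*=UTF-8''a%20b.txt); the extended form wins when both appear.
    """
    plain = extended = None
    for m in _PARAM_RE.finditer(content_disposition):
        param = m.group(1).lower()
        value = m.group(2) if m.group(2) is not None else m.group(3).strip()
        if param == "filename*":
            # RFC 5987 layout: charset'language'percent-encoded-value
            parts = value.split("'", 2)
            extended = unquote(parts[2] if len(parts) == 3 else value)
        else:
            plain = value.replace('\\"', '"')
    return extended if extended is not None else plain


def check_upload_filename(content_disposition: str,
                          limit: int = MAX_FILENAME_BYTES) -> Tuple[int, str]:
    """Decide whether an upload part may proceed before its body is buffered.

    Returns (http_status, reason): 200 to accept, 413 to reject an oversized
    name, 400 when no filename is present at all. Length is measured in UTF-8
    bytes so multi-byte characters cannot slip past a character-based cap.
    """
    name = extract_filename(content_disposition)
    if name is None:
        return 400, "missing filename"
    size = len(name.encode("utf-8"))
    if size > limit:
        return 413, f"filename too long ({size} bytes > {limit})"
    return 200, "ok"
```

Rejecting on the part header means the oversized name is never handed to the application's upload handler, which is the code path the advisory describes crashing.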

🔍 How to Verify

Check if Vulnerable:

Check if running fastchat version 0.2.36 by inspecting the package version or application logs for version info.

Check Version:

Run 'python -c "import fastchat; print(fastchat.__version__)"', or check pip: 'pip show fschat' (the PyPI distribution is named fschat; the import name is fastchat).

Verify Fix Applied:

After updating, confirm the version is no longer 0.2.36 and test file uploads with normal filenames to ensure functionality.

📡 Detection & Monitoring

Log Indicators:

  • Log entries showing HTTP 413 errors or server crashes related to file upload requests.
  • Unusually large request headers or filenames in access logs.

Network Indicators:

  • Spikes in traffic to the file upload endpoint with malformed requests.
  • Increased server response times or timeouts from that endpoint.

SIEM Query:

Example: 'source="fastchat.log" AND ("413" OR ("upload" AND "error"))' (parenthesized so the "upload" AND "error" pair is evaluated together regardless of the SIEM's operator precedence).
