CVE-2024-7771
📋 TL;DR
A denial-of-service vulnerability in Dockerized anything-llm allows attackers to crash the entire site instance by uploading an audio file with a very low sample rate (1 Hz). The localWhisper implementation's resampling process exhausts available memory, causing the Docker instance to be killed. This affects anyone running the vulnerable Dockerized version of anything-llm.
💻 Affected Systems
- mintplex-labs/anything-llm
📦 What is this software?
Anythingllm by Mintplexlabs
⚠️ Risk & Real-World Impact
Worst Case
Complete service disruption with the Docker instance being killed, requiring manual restart and potentially causing data loss or service unavailability.
Likely Case
Temporary denial of service requiring container restart, disrupting transcription functionality and potentially other services on the same instance.
If Mitigated
Minimal impact with proper input validation and resource monitoring preventing the crash.
🎯 Exploit Status
Exploit requires only uploading a specially crafted audio file with 1 Hz sample rate to trigger the vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Commit dd0176c6cbbf42abdef7861a66558c53b66424d07 and later
Vendor Advisory: https://github.com/mintplex-labs/anything-llm/commit/dd0176c6cbbf42abdef7861a66558c53b66424d07
Restart Required: Yes
Instructions:
1. Pull the latest Docker image: docker pull mintplex-labs/anything-llm:latest
2. Stop the running container: docker stop [container_name]
3. Remove the old container: docker rm [container_name]
4. Start a new container with the updated image
🔧 Temporary Workarounds
Input validation for audio files
allImplement server-side validation to reject audio files with sample rates below a safe threshold (e.g., 8000 Hz)
Resource limits on Docker container
linuxSet memory limits on the Docker container to prevent complete host exhaustion
docker run --memory=2g --memory-swap=2g [other_options] mintplex-labs/anything-llm
🧯 If You Can't Patch
- Disable audio file upload functionality entirely
- Implement WAF rules to block audio files with suspicious sample rates
🔍 How to Verify
Check if Vulnerable:
Check if your Docker image digest matches or is earlier than 1d9452da2b92: docker inspect [container_name] | grep -A 5 'RepoDigests'Check Version:
docker inspect [container_name] | grep -A 5 'RepoDigests'Verify Fix Applied:
Verify the container is running with a digest later than the vulnerable one and test uploading a low sample rate audio file to ensure it doesn't crash.📡 Detection & Monitoring
Log Indicators:
- Docker container killed due to OOM (Out of Memory)
- Audio processing errors with resampling failures
- Sudden container restarts after file uploads
Network Indicators:
- Multiple failed upload attempts with audio files
- Unusual traffic patterns to audio upload endpoints
SIEM Query:
source="docker" AND ("killed" OR "OOM" OR "out of memory") AND container_name="anything-llm"