vLLM denial of service vulnerability

GHSA-w2r7-9579-27hf · CVE-2024-8768

Published Sep 17, 2024 · Modified Feb 4, 2026

Description

A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-8768
WEB https://github.com/vllm-project/vllm/issues/7632
WEB https://github.com/vllm-project/vllm/pull/7746
WEB https://github.com/vllm-project/vllm/commit/e25fee57c2e69161bd261f5986dc5aeb198bbd42
WEB https://access.redhat.com/security/cve/CVE-2024-8768
WEB https://bugzilla.redhat.com/show_bug.cgi?id=2311895
PACKAGE https://github.com/vllm-project/vllm

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes