Description

A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vllm JSON web API can lead to a Denial of Service (DoS). The API used for LLM-based sentence or chat completion accepts a best_of parameter to return the best completion from several options. When this parameter is set to a large value, the API does not handle timeouts or resource exhaustion properly, allowing an attacker to cause a DoS by consuming excessive system resources. This leads to the API becoming unresponsive, preventing legitimate users from accessing the service.
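A pre-validation check that a gateway or request handler could run before a completion request reaches the model server, rejecting oversized best_of values. This is an added example, not code from Red Hat, ilab or vllm, and not the vendor's fix. The cap values, the function and class names, and the companion field `n` are assumptions made for illustration.

```python
import json

MAX_BEST_OF = 4             # assumed policy cap; size it to the serving capacity
MAX_BODY_BYTES = 64 * 1024  # assumed limit on the JSON request body


class RejectedRequest(Exception):
    """Raised when a request must be refused before it reaches the model."""
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status
        self.reason = reason


def _bounded_int(body, field, default, upper):
    value = body.get(field)
    if value is None:        # absent or explicit null: use the default
        value = default
    # bool is a subclass of int in Python; floats such as 1e9 are refused too
    if isinstance(value, bool) or not isinstance(value, int):
        raise RejectedRequest(400, f"{field} must be an integer")
    if not 1 <= value <= upper:
        raise RejectedRequest(400, f"{field} must be between 1 and {upper}")
    return value


def check_completion_request(raw: bytes, max_best_of=MAX_BEST_OF):
    """Return the parsed body, or raise RejectedRequest with an HTTP status."""
    if len(raw) > MAX_BODY_BYTES:
        raise RejectedRequest(413, "request body too large")
    try:
        body = json.loads(raw)
    except ValueError:       # malformed JSON, bad encoding, absurdly long numbers
        raise RejectedRequest(400, "body is not valid JSON")
    if not isinstance(body, dict):
        raise RejectedRequest(400, "body must be a JSON object")
    n = _bounded_int(body, "n", 1, max_best_of)
    best_of = _bounded_int(body, "best_of", n, max_best_of)
    if best_of < n:
        raise RejectedRequest(400, "best_of must be >= n")
    return body


def status_for(raw: bytes) -> int:
    """HTTP status the check would produce for a raw request body."""
    try:
        check_completion_request(raw)
        return 200
    except RejectedRequest as exc:
        return exc.status
```

A parameter cap bounds the work per request only; the missing timeout and resource-exhaustion handling named in the description still need per-request time limits and concurrency limits on the serving side.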

INFO

Published Date: 2024-09-17T16:21:15.222Z

Last Modified: 2025-11-20T20:57:47.098Z

Source: redhat

AFFECTED PRODUCTS

The following products are affected by the CVE-2024-8939 vulnerability.

Vendor: Redhat
Products:
  • Enterprise Linux Ai
