{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T23:09:10.607","vulnerabilities":[{"cve":{"id":"CVE-2024-10907","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:21.357","lastModified":"2025-10-15T13:15:37.713","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In lm-sys/fastchat Release v0.2.36, the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary. Each extra character is processed in an infinite loop, leading to excessive resource consumption and a complete denial of service (DoS) for all users. The vulnerability is unauthenticated, meaning no user login or interaction is required for an attacker to exploit this issue."},{"lang":"es","value":"En la versión v0.2.36 de lm-sys/fastchat, el servidor no gestiona el exceso de caracteres añadidos al final de los límites multiparte. Esta vulnerabilidad puede explotarse enviando solicitudes multiparte malformadas con caracteres arbitrarios al final del límite. Cada carácter adicional se procesa en un bucle infinito, lo que provoca un consumo excesivo de recursos y una denegación de servicio (DoS) completa para todos los usuarios. La vulnerabilidad no está autenticada, lo que significa que un atacante no requiere que el usuario inicie sesión ni interactúe con él para explotarla."}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lm-sys:fastchat:0.2.36:*:*:*:*:*:*:*","matchCriteriaId":"7EF59142-7680-44AA-8669-F1F545DCBEDE"}]}]}],"references":[{"url":"https://huntr.com/bounties/bf3ca81d-3508-4455-95d9-0b653e46d6e4","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]}]}}]}