cvelistv5 - cve-2024-11040

CVE-2024-11040 (GCVE-0-2024-11040)

Vulnerability from cvelistv5 – Published: 2025-03-20 10:10 – Updated: 2025-04-15 15:53

** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-8939. Notes: All CVE users should reference CVE-2024-8939 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2025-04-15T15:53:31.930Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-8939. Notes: All CVE users should reference CVE-2024-8939 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage."
            }
          ],
          "value": "** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-8939. Notes: All CVE users should reference CVE-2024-8939 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-11040",
    "datePublished": "2025-03-20T10:10:55.762Z",
    "dateRejected": "2025-04-15T15:53:31.930Z",
    "dateReserved": "2024-11-09T04:21:53.965Z",
    "dateUpdated": "2025-04-15T15:53:31.930Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-11040\",\"sourceIdentifier\":\"security@huntr.dev\",\"published\":\"2025-03-20T10:15:23.293\",\"lastModified\":\"2025-04-15T16:15:21.517\",\"vulnStatus\":\"Rejected\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-8939. Notes: All CVE users should reference CVE-2024-8939 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage.\"}],\"metrics\":{},\"references\":[]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"providerMetadata\": {\"orgId\": \"c09c270a-b464-47c1-9133-acb35b22c19a\", \"shortName\": \"@huntr_ai\", \"dateUpdated\": \"2025-04-15T15:53:31.930Z\"}, \"rejectedReasons\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-8939. Notes: All CVE users should reference CVE-2024-8939 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage.\"}], \"value\": \"** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-8939. Notes: All CVE users should reference CVE-2024-8939 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage.\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-11040\", \"assignerOrgId\": \"c09c270a-b464-47c1-9133-acb35b22c19a\", \"state\": \"REJECTED\", \"assignerShortName\": \"@huntr_ai\", \"dateReserved\": \"2024-11-09T04:21:53.965Z\", \"datePublished\": \"2025-03-20T10:10:55.762Z\", \"dateUpdated\": \"2025-04-15T15:53:31.930Z\", \"dateRejected\": \"2025-04-15T15:53:31.930Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2024-11040

Vulnerability from fkie_nvd - Published: 2025-03-20 10:15 - Updated: 2025-04-15 16:15

Severity ?

Summary

Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-8939. Notes: All CVE users should reference CVE-2024-8939 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage.

References

	URL	Tags

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-8939. Notes: All CVE users should reference CVE-2024-8939 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage."
    }
  ],
  "id": "CVE-2024-11040",
  "lastModified": "2025-04-15T16:15:21.517",
  "metrics": {},
  "published": "2025-03-20T10:15:23.293",
  "references": [],
  "sourceIdentifier": "security@huntr.dev",
  "vulnStatus": "Rejected"
}

GHSA-HHR6-7642-8PMH

Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-20 12:32

Details

vllm-project vllm version 0.5.2.2 is vulnerable to Denial of Service attacks. The issue occurs in the 'POST /v1/completions' and 'POST /v1/embeddings' endpoints. For 'POST /v1/completions', enabling 'use_beam_search' and setting 'best_of' to a high value causes the HTTP connection to time out, with vllm ceasing effective work and the request remaining in a 'pending' state, blocking new completion requests. For 'POST /v1/embeddings', supplying invalid inputs to the JSON object causes an issue in the background loop, resulting in all further completion requests returning a 500 HTTP error code ('Internal Server Error') until vllm is restarted.

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-11040"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-20T10:15:23Z",
    "severity": "HIGH"
  },
  "details": "vllm-project vllm version 0.5.2.2 is vulnerable to Denial of Service attacks. The issue occurs in the \u0027POST /v1/completions\u0027 and \u0027POST /v1/embeddings\u0027 endpoints. For \u0027POST /v1/completions\u0027, enabling \u0027use_beam_search\u0027 and setting \u0027best_of\u0027 to a high value causes the HTTP connection to time out, with vllm ceasing effective work and the request remaining in a \u0027pending\u0027 state, blocking new completion requests. For \u0027POST /v1/embeddings\u0027, supplying invalid inputs to the JSON object causes an issue in the background loop, resulting in all further completion requests returning a 500 HTTP error code (\u0027Internal Server Error\u0027) until vllm is restarted.",
  "id": "GHSA-hhr6-7642-8pmh",
  "modified": "2025-03-20T12:32:41Z",
  "published": "2025-03-20T12:32:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11040"
    },
    {
      "type": "WEB",
      "url": "https://huntr.com/bounties/8ce20bbe-3c96-4cd1-97e5-25a5630925be"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-11040 (GCVE-0-2024-11040)

FKIE_CVE-2024-11040

GHSA-HHR6-7642-8PMH

Tags

Sightings

Nomenclature