CVE-2024-11171

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/danny-avila/librechat/commit/bb58a2d0662ef86dc75a9d2f6560125c018e3836", "name": "https://github.com/danny-avila/librechat/commit/bb58a2d0662ef86dc75a9d2f6560125c018e3836", "tags": ["Patch"], "refsource": ""}, {"url": "https://huntr.com/bounties/91717a5a-d653-4e35-b186-9e8d00aa4285", "name": "https://huntr.com/bounties/91717a5a-d653-4e35-b186-9e8d00aa4285", "tags": ["Exploit", "Third Party Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In danny-avila/librechat version git 0c2a583, there is an improper input validation vulnerability. The application uses multer middleware for handling multipart file uploads. When using in-memory storage (the default setting for multer), there is no limit on the upload file size. This can lead to a server crash due to out-of-memory errors when handling large files. An attacker without any privileges can exploit this vulnerability to cause a complete denial of service. The issue is fixed in version 0.7.6."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-11171", "ASSIGNER": "security@huntr.dev"}}, "impact": {}, "publishedDate": "2025-03-20T10:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:librechat:librechat:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "0.7.6"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-07-15T16:44Z"}