CVE-2024-10188 in litellm
Summary
by MITRE • 03/20/2025
A vulnerability in BerriAI/litellm, as of commit 26c03c9, allows unauthenticated users to cause a Denial of Service (DoS) by exploiting the use of ast.literal_eval to parse user input. This function is not safe and is prone to DoS attacks, which can crash the litellm Python server.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 03/20/2025
The vulnerability identified as CVE-2024-10188 resides within the BerriAI/litellm project, specifically in its handling of user-provided input through the ast.literal_eval function. This flaw represents a critical security weakness that enables unauthenticated attackers to execute denial of service attacks against the affected system. The vulnerability was discovered in the commit 26c03c9 and affects the Python-based litellm server implementation. The core issue stems from the improper use of ast.literal_eval which, while designed to safely evaluate literal expressions, becomes dangerous when processing untrusted input without proper validation or sanitization measures.
The technical exploitation of this vulnerability occurs when the system processes user input through ast.literal_eval without adequate safeguards against malicious payloads. This function, though intended to parse literal expressions such as strings, numbers, tuples, lists, dicts, booleans, and None, can be manipulated to cause excessive CPU consumption and memory allocation through carefully crafted input sequences. When exploited, these sequences can trigger infinite loops, stack overflows, or resource exhaustion conditions that ultimately lead to the complete crash of the litellm Python server. The vulnerability manifests as a direct consequence of insufficient input validation and sanitization, creating a pathway for attackers to disrupt service availability.
The operational impact of this vulnerability extends beyond simple service disruption, as it can result in complete system unavailability for legitimate users and potentially allow for further exploitation attempts. Attackers can leverage this weakness to exhaust system resources, causing the server to become unresponsive or crash entirely, thereby preventing authorized users from accessing the service. The vulnerability's severity is amplified by its unauthenticated nature, meaning that any external party can exploit it without requiring prior access credentials or privileges. This characteristic makes the vulnerability particularly dangerous in production environments where service availability is critical and where attackers may seek to disrupt operations for financial gain, competitive advantage, or malicious intent.
Mitigation strategies for CVE-2024-10188 should prioritize immediate code-level fixes that eliminate the unsafe usage of ast.literal_eval for user input processing. The recommended approach involves implementing proper input validation and sanitization mechanisms that either avoid ast.literal_eval entirely for untrusted data or apply strict constraints and timeouts to prevent resource exhaustion. Organizations should consider replacing vulnerable parsing methods with safer alternatives such as json.loads for structured data or implementing comprehensive input sanitization routines that can detect and reject potentially harmful sequences. Additionally, implementing rate limiting and resource monitoring can help detect and mitigate exploitation attempts before they cause complete system failure. This vulnerability aligns with CWE-400, which addresses the general category of resource exhaustion vulnerabilities, and relates to ATT&CK technique T1499.004 for denial of service attacks. The remediation process should include thorough code review to identify similar patterns and ensure that all input processing functions properly validate and sanitize data before any evaluation occurs.
The broader implications of this vulnerability highlight the critical importance of secure coding practices and input validation in modern software development. The issue demonstrates how seemingly benign functions can become security risks when used inappropriately, emphasizing the need for developers to understand the security implications of every function they employ. Organizations should implement comprehensive security testing procedures that include static code analysis and dynamic penetration testing to identify similar vulnerabilities before they can be exploited in production environments. Regular security updates and patches should be prioritized, particularly for widely-used libraries and frameworks that may contain such dangerous patterns. The vulnerability also underscores the importance of following security best practices such as the principle of least privilege, input validation, and defense in depth to minimize the impact of potential exploits.