Submission #811406: vercel ai @ai-sdk/[email protected] Uncontrolled Resource Consumption (CWE-400)

Title: vercel ai @ai-sdk/[email protected] Uncontrolled Resource Consumption (CWE-400)
Description:

# Technical Details

An Uncontrolled Resource Consumption (DoS) vulnerability exists in the `createJsonResponseHandler` method in `packages/provider-utils/src/response-handler.ts` of vercel/ai. The handler does not bound how much of the response body it buffers when processing a standard (non-streaming) JSON response from a backing AI provider or MCP server. A malicious provider that streams an endless run of whitespace without a `Content-Length` header never trips any size limit, and the accumulated body exhausts the V8 heap and crashes the entire backend service.

# Vulnerable Code

File: packages/provider-utils/src/response-handler.ts
Method: createJsonResponseHandler
Why: Non-streaming JSON responses are read with `await response.text()` and then handed to `await safeParseJSON()`, with no fixed size limit imposed on the body; the bounded `readResponseWithSizeLimit()` logic is missing on these code paths.

# Reproduction

1. Run an explicit pseudo-endpoint server for the mocked AI chat routes that answers with a generic JSON structure chunked as an endless stream of whitespace bytes, without dropping the TCP socket.
2. Initialize an AI SDK gateway with the malicious local address as its `baseURL`.
3. Submit a generation request to the AI API. The client keeps aggregating the body in order to parse the JSON object until the V8 heap limit is exhausted.

# Impact

- High-impact application DoS: terminates the backend processes, causing a total cluster outage.
- Disrupts multi-tenant integration pipelines that allow 'bring your own' custom URL configurations.
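The missing bound described above, as an added example that is not vercel/ai code and not its `readResponseWithSizeLimit()`: a reader that enforces a byte cap while accumulating a JSON body, exercised against a constructed whitespace flood and a benign reply. `readJsonWithSizeLimit`, `ResponseTooLargeError` and the 10 MiB default are assumptions for illustration.

```javascript
// Added example, not vercel/ai code: a bounded reader for a non-streaming JSON
// body. `chunks` stands in for what the HTTP socket delivers; the reader never
// accumulates more than maxBytes regardless of what the peer sends.
const DEFAULT_MAX_BYTES = 10 * 1024 * 1024; // hypothetical cap (10 MiB)

class ResponseTooLargeError extends Error {
  constructor(limit) {
    super(`response body exceeds ${limit} bytes`);
    this.name = 'ResponseTooLargeError';
  }
}

// headers: response headers with lower-case keys; chunks: iterable of Uint8Array
function readJsonWithSizeLimit(headers, chunks, maxBytes = DEFAULT_MAX_BYTES) {
  // A declared Content-Length allows failing fast, but it is peer-controlled and
  // may be absent (as in the flood), so the running byte count is the real guard.
  const declared = headers['content-length'];
  if (declared !== undefined && Number(declared) > maxBytes) {
    throw new ResponseTooLargeError(maxBytes);
  }
  const parts = [];
  let total = 0;
  for (const chunk of chunks) {
    total += chunk.byteLength;
    // Stop consuming once the cap is crossed; a real client would also abort
    // the request here (AbortController) so the socket is closed, not drained.
    if (total > maxBytes) throw new ResponseTooLargeError(maxBytes);
    parts.push(chunk);
  }
  const body = new Uint8Array(total);
  let offset = 0;
  for (const p of parts) { body.set(p, offset); offset += p.byteLength; }
  return JSON.parse(new TextDecoder().decode(body));
}

// Constructed stand-in for the malicious provider: endless whitespace chunks with
// no Content-Length. An unbounded `await response.text()` would buffer this until
// the V8 heap is exhausted; the bounded reader stops after roughly maxBytes.
function* whitespaceFlood(chunkSize = 64 * 1024) {
  const chunk = new Uint8Array(chunkSize).fill(0x20);
  for (;;) yield chunk;
}

// Constructed benign provider reply, delivered in two chunks.
function* benignReply() {
  const enc = new TextEncoder();
  yield enc.encode('{"choices":[{"message":{"content":');
  yield enc.encode('"hello"}}]}');
}
```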
Source: https://gist.github.com/YLChen-007/fb1096bc8428bed9a428f764d9d103bb
User: Eric-f (UID 96873)
Submitted: 2026-04-23 14:47 (1 month ago)
Moderated: 2026-05-17 11:28 (24 days later)
Status: Accepted
VulDB entry: 364394 [vercel ai up to 3.0.97 provider-utils response-handler.ts denial of service]
Points: 20
