Submission #811406: vercel ai @ai-sdk/[email protected] Uncontrolled Resource Consumption (CWE-400)

Title: vercel ai @ai-sdk/[email protected] Uncontrolled Resource Consumption (CWE-400)
Description:

# Technical Details

An Uncontrolled Resource Consumption DoS vulnerability exists in the `createJsonResponseHandler` method in `packages/provider-utils/src/response-handler.ts` of vercel/ai. The application fails to constrain buffer accumulation when handling standard JSON inferences from backing AI providers or MCP servers. A malicious provider entity streaming infinite whitespace without a `Content-Length` header bypasses network constraints and crashes the entire backend service via native V8 memory engine exhaustion.

# Vulnerable Code

File: packages/provider-utils/src/response-handler.ts
Method: createJsonResponseHandler
Why: Non-streaming standard JSON retrievals utilize `await response.text()` and `await safeParseJSON()` natively across HTTP sockets without imposing fixed size limits (the bounded `readResponseWithSizeLimit()` method logic is missing on these pathways).

# Reproduction

1. Operate an explicit pseudo-endpoint server mapping the mocked AI chat routes that returns a generic JSON structure chunking an infinite stream of byte whitespace without dropping the TCP socket.
2. Initialize an AI SDK gateway specifying the malicious local address as its `baseURL`.
3. Submit a generation request targeting the AI API. As the network engine continuously aggregates data to evaluate the JSON object, native V8 memory heap bounds are exhausted.

# Impact

- High-Impact Application DoS: Terminates the backend architecture processes, causing total cluster outage.
- Disrupts multi-tenant integration pipelines that facilitate 'bring your own' Custom URL configurations.
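The report's core point is that `await response.text()` buffers an HTTP body with no ceiling, so a peer that omits `Content-Length` and never closes the socket grows the heap until V8 aborts. The following is an added example, not code from vercel/ai: it shows the bounded-read shape the report asks for on the non-streaming JSON path. The page names the SDK's own `readResponseWithSizeLimit()` but not its signature, so the functions here (`readTextWithSizeLimit`, `readJsonWithSizeLimit`, `ResponseTooLargeError`) and the `endlessWhitespaceResponse` fixture are my own names and assumptions, and the 64 KiB limit is a constructed value. It uses only the standard `fetch` globals available in Node 18+.

```typescript
// Added example (not vercel/ai code): read a fetch Response body into a string
// while enforcing a byte ceiling, so a peer that never closes the socket and
// omits Content-Length cannot grow the buffer without bound.

export class ResponseTooLargeError extends Error {
  constructor(public readonly limitBytes: number) {
    super(`response body exceeded ${limitBytes} bytes`);
    this.name = 'ResponseTooLargeError';
  }
}

export async function readTextWithSizeLimit(
  response: Response,
  limitBytes: number,
): Promise<string> {
  // Fail fast when the peer honestly declares an oversized body. A missing or
  // lying header is the case the report describes, so the streaming check
  // below is the real control; this is only a cheap early exit.
  const declared = response.headers.get('content-length');
  if (declared !== null && Number(declared) > limitBytes) {
    throw new ResponseTooLargeError(limitBytes);
  }
  if (response.body === null) return '';

  const reader = response.body.getReader();
  const decoder = new TextDecoder();
  const parts: string[] = [];
  let received = 0;
  try {
    for (;;) {
      const result = await reader.read();
      if (result.done) break;
      received += result.value.byteLength;
      if (received > limitBytes) {
        // Cancel the underlying stream so the socket is released instead of
        // staying open while the peer keeps sending whitespace.
        await reader.cancel();
        throw new ResponseTooLargeError(limitBytes);
      }
      parts.push(decoder.decode(result.value, { stream: true }));
    }
  } finally {
    reader.releaseLock();
  }
  parts.push(decoder.decode()); // flush any trailing multi-byte sequence
  return parts.join('');
}

// Bounded replacement for the `await response.text()` + parse step.
export async function readJsonWithSizeLimit<T = unknown>(
  response: Response,
  limitBytes: number,
): Promise<T> {
  const text = await readTextWithSizeLimit(response, limitBytes);
  return JSON.parse(text) as T;
}

// Constructed fixture (hypothetical): a Response whose body streams ASCII
// spaces forever and carries no Content-Length, mimicking the provider
// behaviour described in the report.
export function endlessWhitespaceResponse(chunkBytes = 1024): Response {
  const chunk = new Uint8Array(chunkBytes).fill(0x20);
  const body = new ReadableStream<Uint8Array>({
    pull(controller) {
      controller.enqueue(chunk);
    },
  });
  return new Response(body, { headers: { 'content-type': 'application/json' } });
}

// Assumed limit for a non-streaming JSON inference reply (constructed value).
export const JSON_BODY_LIMIT_BYTES = 64 * 1024;
```

Counting decoded bytes as they arrive, rather than trusting `Content-Length`, is what makes the limit effective against the header-less case; cancelling the reader on overflow matters too, because a rejected promise alone would leave the socket draining into a buffer nobody reads. A well-formed small reply still parses normally through `readJsonWithSizeLimit`.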
Source: https://gist.github.com/YLChen-007/fb1096bc8428bed9a428f764d9d103bb
User: Eric-f (UID 96873)
Submission: 23/04/2026 02:47 PM (1 month ago)
Moderation: 17/05/2026 11:28 AM (24 days later)
Status: Accepted
VulDB Entry: 364394 [vercel ai up to 3.0.97 provider-utils response-handler.ts denial of service]
Points: 20
