Submit #811406: vercel ai @ai-sdk/[email protected] Uncontrolled Resource Consumption (CWE-400)info

Titlevercel ai @ai-sdk/[email protected] Uncontrolled Resource Consumption (CWE-400)
Description# Technical Details An Uncontrolled Resource Consumption DoS vulnerability exists in the `createJsonResponseHandler` method in `packages/provider-utils/src/response-handler.ts` of vercel/ai. The application fails to constrain buffer accumulation when handling standard JSON inferences from backing AI providers or MCP servers. A malicious provider entity streaming infinite whitespace without a `Content-Length` header bypasses network constraints and crashes the entire backend service via a native V8 memory engine exhaustion. # Vulnerable Code File: packages/provider-utils/src/response-handler.ts Method: createJsonResponseHandler Why: Non-streaming standard JSON retrievals utilize `await response.text()` and `await safeParseJSON()` natively across HTTP sockets without imposing fixed size-limits (like the bounded `readResponseWithSizeLimit()` method logic missing on these pathways). # Reproduction 1. Operate an explicit pseudo-endpoint server mapping the mocked AI chat routes that returns a generic JSON structure chunking an infinite stream of byte whitespace without dropping the TCP socket. 2. Initialize an AI SDK gateway specifying the malicious local address as its `baseURL`. 3. Submit a generation request targeting the AI API. As the network engine continuously aggregates data to evaluate the JSON object, Native V8 memory heap bounds are exhausted. # Impact - High-Impact Application DoS: Terminates the backend architecture processes causing total cluster outage. - Disrupts multi-tenant integration pipelines that facilitate 'bring your own' Custom URL configurations.
Source⚠️ https://gist.github.com/YLChen-007/fb1096bc8428bed9a428f764d9d103bb
User
 Eric-f (UID 96873)
Submission04/23/2026 14:47 (3 months ago)
Moderation05/17/2026 11:28 (24 days later)
StatusAccepted
VulDB entry364394 [vercel ai up to 3.0.97 provider-utils response-handler.ts resource consumption]
Points20

Interested in the pricing of exploits?

See the underground prices here!