CVE-2024-12387 · CVEKit

cve.orgen

379 chars

A vulnerability in the binary-husky/gpt_academic repository, as of commit git 3890467, allows an attacker to crash the server by uploading a specially crafted zip bomb. The server decompresses the uploaded file and attempts to load it into memory, which can lead to an out-of-memory crash. This issue arises due to improper input validation when handling compressed file uploads.

NVDen

379 chars

A vulnerability in the binary-husky/gpt_academic repository, as of commit git 3890467, allows an attacker to crash the server by uploading a specially crafted zip bomb. The server decompresses the uploaded file and attempts to load it into memory, which can lead to an out-of-memory crash. This issue arises due to improper input validation when handling compressed file uploads.

NVDes

430 chars

Una vulnerabilidad en el repositorio binary-husky/gpt_academic, a partir del commit git 3890467, permite a un atacante bloquear el servidor cargando una bomba zip especialmente manipulada. El servidor descomprime el archivo cargado e intenta cargarlo en memoria, lo que puede provocar un bloqueo por falta de memoria. Este problema surge debido a una validación de entrada incorrecta al gestionar la carga de archivos comprimidos.

CVSS metrics across sources

3

Version	Type	Source	Base	Exp	Impact	Vector
3.0	Primary	cve.org	6.5	—	—	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
3.0	Primary	cve.org	6.5	—	—	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H