High severity7.5GHSA Advisory· Published Sep 17, 2024· Updated Apr 15, 2026
CVE-2024-8768
CVE-2024-8768
Description
A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
vllmPyPI | < 0.5.5 | 0.5.5 |
Affected products
3- osv-coords2 versions
< 24.04-r9+ 1 more
- (no CPE)range: < 24.04-r9
- (no CPE)range: < 0.5.5
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-w2r7-9579-27hfghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-8768ghsaADVISORY
- access.redhat.com/security/cve/CVE-2024-8768nvdWEB
- bugzilla.redhat.com/show_bug.cginvdWEB
- github.com/vllm-project/vllm/commit/e25fee57c2e69161bd261f5986dc5aeb198bbd42ghsaWEB
- github.com/vllm-project/vllm/issues/7632nvdWEB
- github.com/vllm-project/vllm/pull/7746nvdWEB
News mentions
0No linked articles in our index yet.