{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-12704", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-12-17T10:58:19.646Z", "datePublished": "2025-03-20T10:09:06.689Z", "dateUpdated": "2025-10-15T12:50:18.666Z"}, "containers": {"cna": {"title": "Denial of Service (DoS) in run-llama/llama_index", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-10-15T12:50:18.666Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the LangChainLLM class of the run-llama/llama_index repository, version v0.12.5, allows for a Denial of Service (DoS) attack. The stream_complete method executes the llm using a thread and retrieves the result via the get_response_gen method of the StreamingGeneratorCallbackHandler class. If the thread terminates abnormally before the _llm.predict is executed, there is no exception handling for this case, leading to an infinite loop in the get_response_gen function. This can be triggered by providing an input of an incorrect type, causing the thread to terminate and the process to continue running indefinitely."}], "affected": [{"vendor": "run-llama", "product": "run-llama/llama_index", "versions": [{"version": "unspecified", "lessThan": "0.12.6", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/a0b638fd-21c6-4ba7-b381-6ab98472a02a"}, {"url": "https://github.com/run-llama/llama_index/commit/d1ecfb77578d089cbe66728f18f635c09aa32a05"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-835 Loop with Unreachable Exit Condition", "cweId": "CWE-835"}]}], "source": {"advisory": "a0b638fd-21c6-4ba7-b381-6ab98472a02a", "discovery": "EXTERNAL"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-20T17:54:16.910026Z", "id": "CVE-2024-12704", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T18:58:07.026Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-12704", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-20T17:54:16.910026Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T17:54:18.353Z"}}], "cna": {"title": "Denial of Service (DoS) in run-llama/llama_index", "source": {"advisory": "a0b638fd-21c6-4ba7-b381-6ab98472a02a", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "run-llama", "product": "run-llama/llama_index", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "0.12.6", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/a0b638fd-21c6-4ba7-b381-6ab98472a02a"}, {"url": "https://github.com/run-llama/llama_index/commit/d1ecfb77578d089cbe66728f18f635c09aa32a05"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the LangChainLLM class of the run-llama/llama_index repository, version v0.12.5, allows for a Denial of Service (DoS) attack. The stream_complete method executes the llm using a thread and retrieves the result via the get_response_gen method of the StreamingGeneratorCallbackHandler class. If the thread terminates abnormally before the _llm.predict is executed, there is no exception handling for this case, leading to an infinite loop in the get_response_gen function. This can be triggered by providing an input of an incorrect type, causing the thread to terminate and the process to continue running indefinitely."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-835", "description": "CWE-835 Loop with Unreachable Exit Condition"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-10-15T12:50:18.666Z"}}}, "cveMetadata": {"cveId": "CVE-2024-12704", "state": "PUBLISHED", "dateUpdated": "2025-10-15T12:50:18.666Z", "dateReserved": "2024-12-17T10:58:19.646Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2025-03-20T10:09:06.689Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:llamaindex:llamaindex:0.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "D35A0A81-3555-4025-9D5B-FE7435EA5747", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the LangChainLLM class of the run-llama/llama_index repository, version v0.12.5, allows for a Denial of Service (DoS) attack. The stream_complete method executes the llm using a thread and retrieves the result via the get_response_gen method of the StreamingGeneratorCallbackHandler class. If the thread terminates abnormally before the _llm.predict is executed, there is no exception handling for this case, leading to an infinite loop in the get_response_gen function. This can be triggered by providing an input of an incorrect type, causing the thread to terminate and the process to continue running indefinitely."}, {"lang": "es", "value": "Una vulnerabilidad en la clase LangChainLLM del repositorio run-llama/llama_index, versi\u00f3n v0.12.5, permite un ataque de denegaci\u00f3n de servicio (DoS). El m\u00e9todo stream_complete ejecuta el llm mediante un hilo y recupera el resultado mediante el m\u00e9todo get_response_gen de la clase StreamingGeneratorCallbackHandler. Si el hilo termina de forma an\u00f3mala antes de ejecutar _llm.predict, no se gestionan excepciones, lo que genera un bucle infinito en la funci\u00f3n get_response_gen. Esto puede activarse al proporcionar una entrada de un tipo incorrecto, lo que provoca la finalizaci\u00f3n del hilo y la ejecuci\u00f3n indefinida del proceso."}], "id": "CVE-2024-12704", "lastModified": "2025-10-15T13:15:40.547", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2025-03-20T10:15:29.383", "references": [{"source": "security@huntr.dev", "tags": ["Patch"], "url": "https://github.com/run-llama/llama_index/commit/d1ecfb77578d089cbe66728f18f635c09aa32a05"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/a0b638fd-21c6-4ba7-b381-6ab98472a02a"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "security@huntr.dev", "type": "Primary"}]}

{"bugzilla": {"description": "llama-index: Denial of Service (DoS) in run-llama/llama_index", "id": "2353770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353770"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-755", "details": ["A vulnerability in the LangChainLLM class of the run-llama/llama_index repository, version v0.12.5, allows for a Denial of Service (DoS) attack. The stream_complete method executes the llm using a thread and retrieves the result via the get_response_gen method of the StreamingGeneratorCallbackHandler class. If the thread terminates abnormally before the _llm.predict is executed, there is no exception handling for this case, leading to an infinite loop in the get_response_gen function. This can be triggered by providing an input of an incorrect type, causing the thread to terminate and the process to continue running indefinitely.", "A flaw was found in the run-llama/llama_index. This vulnerability allows for a denial of service (DoS) attack via improper exception handling in the stream_complete method, which leads to an infinite loop in get_response_gen when the execution thread terminates abnormally."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-12704", "package_state": [{"cpe": "cpe:/a:redhat:openshift_lightspeed", "fix_state": "Affected", "package_name": "openshift-lightspeed-tech-preview/lightspeed-service-api-rhel9", "product_name": "OpenShift Lightspeed"}], "public_date": "2025-03-20T10:09:06Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-12704\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-12704\nhttps://github.com/run-llama/llama_index/commit/d1ecfb77578d089cbe66728f18f635c09aa32a05\nhttps://huntr.com/bounties/a0b638fd-21c6-4ba7-b381-6ab98472a02a"], "statement": "This vulnerability marked as high severity rather than moderate due to its potential to cause a complete Denial of Service (DoS) in affected applications. This flaw can be triggered trivially by supplying an invalid input type.\nSince there is no exception handling when the prediction thread terminates prematurely, the get_response_gen function enters an infinite loop, consuming CPU resources indefinitely. This not only disrupts service availability but can also impact multi-threaded environments where stalled threads accumulate, degrading overall system performance.", "threat_severity": "Important"}

{}