CVE-2024-10829 HIGH

CVE-2024-10829: Denial of Service (DoS) via Multipart Boundary in eosphoros-ai/db-gpt

Vendor Eosphoros-Ai
Product eosphoros-ai/db-gpt
Weakness CWE-835
Published March 20, 2025
Last update October 15, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of eosphoros-ai/db-gpt v0.6.0 allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries, leading to an infinite loop and complete denial of service for all users. This vulnerability affects all endpoints processing multipart/form-data requests.

Key dates

02Disclosure timeline

March 20, 2025 CVE published
October 15, 2025 Record updated