CNNVD-202508-2618 Information

CNNVD ID

CNNVD-202508-2618

CVE-2025-48956

  • CNNVD Published: 2025-08-21

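Description (Chinese, translated)

vLLM is an open-source, high-throughput and memory-efficient inference and serving engine for LLMs, from the vLLM project. vLLM versions from 0.1.0 up to but not including 0.10.1.1 contain a resource management error vulnerability, which arises because sending an HTTP GET request with an extremely large header can lead to a denial-of-service attack.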

Description (English)

vLLM is an open-source, high-throughput and memory-efficient inference and serving engine for LLMs. vLLM versions from 0.1.0 up to but not including 0.10.1.1 contain a resource management error: sending an HTTP GET request with a very large header can lead to a denial of service.

Hazard Level

Medium

Vulnerability Type

Resource management error

Affected Vendor

vLLM

Published

2025-08-21

Last Modified

2026-02-24

References

https://github.com/vllm-project/vllm/security/advisories/GHSA-rxc4-3w6r-4v47
https://github.com/vllm-project/vllm/pull/23267
https://github.com/vllm-project/vllm/commit/d8b736f913a59117803d6701521d2e4861701944
https://nvd.nist.gov/vuln/detail/CVE-2025-48956
https://access.redhat.com/security/cve/cve-2025-48956

Patch

https://github.com/vllm-project/vllm/releases
