CNNVD-202510-4346 Information

CNNVD ID

CNNVD-202510-4346

Related CVE

CVE-2025-8849

• CNNVD Published: 2025-10-31

Description (Chinese)

LibreChat是Danny Avila个人开发者的一个增强的 ChatGPT 克隆。 LibreChat 0.7.9版本存在资源管理错误漏洞，该漏洞源于/api/memories端点未限制参数值大小，可能导致拒绝服务攻击。

Description (English)

LibreChat is an enhanced ChatGPT clone of Danny Avila’s personal developer. Version LibreChat 0.7.9 contains a misdirection of resource management, which originates from the unlimited value of the /api/memories endpoint, which may lead to a denial of service attack.

Hazard Level

High

Vulnerability Type

资源管理错误

Affected Vendor

个人开发者

Published

2025-10-31

Last Modified

2026-02-24

References

https://github.com/danny-avila/librechat/commit/edf33bedcbb08c33e59df76f06454ed7efd896f9 https://huntr.com/bounties/e9d9404c-cd19-4226-a580-9cba14b7d7d6 https://access.redhat.com/security/cve/cve-2025-8849

Patch

https://github.com/danny-avila/LibreChat/releases