CNNVD-202511-2542 Information

CNNVD ID

CNNVD-202511-2542

Related CVE

CVE-2025-62164

• CNNVD Published: 2025-11-21

Description (Chinese)

vLLM是vLLM开源的一个适用于 LLM 的高吞吐量和内存高效推理和服务引擎。 vLLM 0.10.2版本至0.11.1之前版本存在缓冲区错误漏洞，该漏洞源于Completions API端点存在内存损坏，可能导致崩溃或远程代码执行。

Description (English)

vLLM is a high-volume throughput and memory efficient reasoning and service engine for VLLM open source. There is an error loophole in the buffer zone from vLLM version 0.102 to the pre-0.11.1, which stems from memory damage at the Completions API endpoint, which could lead to a breakdown or remote code execution.

Hazard Level

Medium

Vulnerability Type

缓冲区错误

Affected Vendor

vLLM

Published

2025-11-21

Last Modified

2026-02-24

References

https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b https://github.com/vllm-project/vllm/pull/27204 https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf

Patch

https://github.com/vllm-project/vllm/releases