CVE-2026-5497
Status: Received - Intake
Out-of-Memory DoS in vLLM via Unbounded Frame Processing

Publication date: 2026-06-11

Last updated on: 2026-06-11

Assigner: huntr.dev

Description
vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to unbounded frame count processing in the `VideoMediaIO.load_base64()` method. When processing `video/jpeg` data URLs, the method splits the base64 data string on commas to extract individual JPEG frames without enforcing a frame count limit. An attacker can exploit this by crafting a single API request containing thousands of comma-separated base64-encoded JPEG frames in a data URL, causing the server to decode all frames into memory and crash due to excessive memory consumption. This vulnerability is reachable via the OpenAI-compatible chat completions API and does not require authentication.
Affected Vendors & Products

Vendor         Product   Version / Range
vllm_project   vllm      From 0.8.0 (inc)
CWE ID    Description
CWE-400   The product does not properly control the allocation and maintenance of a limited resource.
Executive Summary

vLLM versions 0.8.0 and later have a vulnerability in the VideoMediaIO.load_base64() method that processes video/jpeg data URLs. This method splits the base64 data string on commas to extract individual JPEG frames but does not limit the number of frames it processes.

An attacker can exploit this by sending a single API request containing thousands of comma-separated base64-encoded JPEG frames. The server attempts to decode all these frames into memory, which can cause it to run out of memory and crash, resulting in a Denial of Service (DoS) condition.

This vulnerability is reachable via the OpenAI-compatible chat completions API and does not require authentication.

Impact Analysis

This vulnerability can cause a Denial of Service (DoS) by exhausting the server's memory resources. An attacker can crash the server by sending a specially crafted request with a large number of base64-encoded JPEG frames, causing the server to consume excessive memory and become unresponsive.

As a result, legitimate users may be unable to access the service while the server is down or recovering from the crash.

Detection Guidance

This vulnerability can be detected by monitoring for unusually large or suspicious API requests to the OpenAI-compatible chat completions API that contain data URLs with a very high number of comma-separated base64-encoded JPEG frames.

Specifically, detection involves inspecting incoming requests for the presence of 'video/jpeg' data URLs with an excessive number of frames, which can be identified by counting the commas in the base64 data string.

While no explicit commands are provided in the resources, a possible approach is to use network traffic inspection tools or log analysis to filter and count frames in the base64 data URLs.

  • Use tools like tcpdump or Wireshark to capture API request traffic.
  • Extract and analyze the payloads containing 'video/jpeg' data URLs.
  • Count the number of commas in the base64 string to estimate the number of frames.
  • Example command snippet (Linux shell) to count frames in a captured payload: `echo '<base64_data_string>' | grep -o ',' | wc -l`
Mitigation Strategies

Immediate mitigation involves applying the security fix introduced in the vLLM project that enforces a configurable frame limit on the number of base64-encoded JPEG frames processed by the VideoMediaIO.load_base64() method.

Specifically, update to a version of vLLM that includes the patch which adds the `num_frames` parameter to limit the number of frames processed, preventing unbounded memory consumption.

If updating immediately is not possible, consider implementing request filtering or rate limiting on the API endpoint to block or throttle requests containing excessively large or numerous frames.

  • Upgrade vLLM to a version including the patch that enforces frame limits (see commit 58ee61422169ce17e08248f8efa1e9df434fe395).
  • Configure the `num_frames` parameter to a safe positive value to limit frame processing.
  • Implement API request validation to reject or limit requests with large numbers of frames.
  • Monitor and rate-limit incoming requests to prevent abuse.
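As an added example (not code from the advisory or from the vLLM project), the detection step and the request-validation mitigation above in one Python check: it walks a chat-completions request body, counts the comma-separated frames in every `video/jpeg` data URL without base64-decoding any of them, and rejects the request when the count exceeds a limit. The 32-frame threshold and the `video_url` request shape are assumptions, since the page gives no default for `num_frames`.

```python
import json
from typing import Iterator, Tuple

# Assumed limit: the page says the fix makes the frame limit configurable
# (`num_frames`) but gives no default, so this number is a placeholder.
MAX_FRAMES = 32
DATA_URL_PREFIX = "data:video/jpeg"


def count_frames(data_url: str) -> int:
    """Count comma-separated JPEG frames in a video/jpeg data URL.
    The header (media type and ';base64') ends at the first comma; the rest is
    the frame list the vulnerable code splits on commas, so N frames carry
    N-1 separating commas after the header (counting commas undercounts by one)."""
    _header, sep, payload = data_url.partition(",")
    if not sep:
        return 0
    return sum(1 for frame in payload.split(",") if frame)


def iter_video_data_urls(node) -> Iterator[str]:
    """Yield every video/jpeg data URL found anywhere in a JSON document."""
    if isinstance(node, str):
        if node.startswith(DATA_URL_PREFIX):
            yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from iter_video_data_urls(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_video_data_urls(item)


def check_request(body: str, max_frames: int = MAX_FRAMES) -> Tuple[bool, int]:
    """Return (allowed, largest_frame_count) for a JSON request body.
    Frames are counted from the URL text alone; nothing is base64-decoded."""
    urls = iter_video_data_urls(json.loads(body))
    worst = max((count_frames(u) for u in urls), default=0)
    return worst <= max_frames, worst

# Constructed sample bodies: a benign 3-frame clip and a 5000-frame flood.
FRAME = "/9j/4AAQSkZJRg=="  # constructed stand-in for one base64 JPEG frame
BENIGN = json.dumps({"model": "m", "messages": [{"role": "user", "content": [
    {"type": "video_url", "video_url": {"url": "data:video/jpeg;base64," + ",".join([FRAME] * 3)}}]}]})
FLOOD = BENIGN.replace(",".join([FRAME] * 3), ",".join([FRAME] * 5000))

if __name__ == "__main__":
    for name, body in (("benign", BENIGN), ("flood", FLOOD)):
        allowed, frames = check_request(body)
        print(f"{name}: frames={frames} allowed={allowed}")
```

Running it as a gateway or pre-filter check lets a deployment reject oversized clips before the request reaches the server's frame decoding.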
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
