Impact
The vulnerability exists in vLLM’s /v1/audio/transcriptions endpoint; decompressing a compressed OPUS file produces a massive PCM output that can exceed the server’s memory, causing an out‑of‑memory failure and a denial of service. The flaw is a lack of bounds checking on the decoded output size (CWE‑409) and insufficient limits on allocation size (CWE‑770). An attacker can trigger the issue by uploading a specially crafted audio file, exhausting memory resources and potentially crashing or rejecting legitimate requests.
Affected Systems
vLLM project prior to version 0.23.1rc0, any deployment that exposes the /v1/audio/transcriptions endpoint. The vulnerable product is vllm-project vllm; the flaw affects all environments running the engine before the fixed release.
Risk and Exploitability
The CVSS score of 6.5 indicates moderate severity. The EPSS score of 0.00243 (less than 1%) suggests a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Attackers could exploit this through an HTTP POST to the transcription endpoint, sending a large compressed audio payload to trigger the denial‑of‑service condition. The flaw includes an unchecked allocation size (CWE‑770).
OpenCVE Enrichment
Github GHSA