Impact
An incomplete fix for a prior CVE left exception messages unsanitized in the vLLM inference engine. When an unauthenticated attacker sends malformed image bytes to the Anthropic Messages API, PIL.Image.open raises an UnidentifiedImageError whose message contains the BytesIO object repr, exposing a heap memory address in the response body. The flaw is classified under CWE‑209 and also reveals internal file paths or environmental details in logs, corresponding to CWE‑532.
Affected Systems
vLLM before version 0.23.1rc0 (vllm-project vllm library). The vulnerability impacts the Anthropic API router, the Server‑Sent Events streaming converter, and the realtime speech‑to‑text WebSocket components within vllm.
Risk and Exploitability
The CVSS score of 5.3 indicates a moderate impact, while the EPSS score is < 1% and the vulnerability does not appear in the CISA KEV catalog. An unauthenticated attacker can trigger the flaw by posting malformed image data to the Anthropic endpoint, causing a PIL exception to leak a BytesIO object repr that includes a heap memory address. The exploitation requires no special privileges and results only in information disclosure, which could aid further attacks but does not provide code execution.
OpenCVE Enrichment
Github GHSA