Impact
vLLM processes audio uploads for its speech‑to‑text endpoints by reading the entire multipart file into memory before checking the configured maximum file‑size limit. An attacker who can reach the /v1/audio/transcriptions or /v1/audio/translations endpoint can upload an oversized audio file, causing the application to allocate memory proportional to the file size before rejecting the request. This excessive allocation can stress the host’s memory resources or trigger a JVM or container death, resulting in service disruption. The vulnerability is a classic example of uncontrolled resource consumption (CWE‑400) and out‑of‑memory allocation (CWE‑770).
Affected Systems
The issue affects the vllm project’s vllm engine for versions 0.22.0 through 0.23.0. It is resolved in version 0.24.0 and later. Any deployment running one of the vulnerable releases and exposing the speech‑to‑text endpoints is susceptible.
Risk and Exploitability
The CVSS score of 6.5 indicates moderate severity, and no EPSS score is currently available, so the likelihood of exploitation cannot be quantified. The vulnerability is not listed in the CISA KEV catalog. The attack path is straightforward: an API caller who can reach the endpoints can submit a multipart audio file larger than the intended limit. This requires network access to the service and valid authentication if the service enforces it. When the file exceeds the memory limit, the service will experience high memory pressure or crash before it can reject the request.
OpenCVE Enrichment