CVE-2024-10935

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-10935
automatic1111/stable-diffusion-webui version 1.10.0 contains a vulnerability where the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary, leading to excessive resource consumption and a complete denial of service (DoS) for all users. The vulnerability is unauthenticated, meaning no user login or interaction is required for an attacker to exploit this issue.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://huntr.com/bounties/e6fdc6ed-f38d-4798-b60a-0e47893a81a6 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:automatic1111:stable-diffusion-webui:1.10.0:*:*:*:*:*:*:*
History

05 Aug 2025, 16:41

Type Values Removed Values Added
CPE cpe:2.3:a:automatic1111:stable-diffusion-webui:1.10.0:*:*:*:*:*:*:*
References () https://huntr.com/bounties/e6fdc6ed-f38d-4798-b60a-0e47893a81a6 - () https://huntr.com/bounties/e6fdc6ed-f38d-4798-b60a-0e47893a81a6 - Exploit, Third Party Advisory
First Time Automatic1111
Automatic1111 stable-diffusion-webui
Summary
  • (es) La versión 1.10.0 de automatic1111/stable-diffusion-webui contiene una vulnerabilidad que impide que el servidor gestione el exceso de caracteres añadidos al final de los límites multiparte. Esta vulnerabilidad puede explotarse enviando solicitudes multiparte malformadas con caracteres arbitrarios al final del límite, lo que provoca un consumo excesivo de recursos y una denegación de servicio (DoS) completa para todos los usuarios. La vulnerabilidad no está autenticada, lo que significa que un atacante no requiere que el usuario inicie sesión ni interactúe con el sistema para explotarla.

20 Mar 2025, 10:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-20 10:15

Updated : 2025-08-05 16:41

NVD link : CVE-2024-10935

Mitre link : CVE-2024-10935

CVE.ORG link : CVE-2024-10935

JSON object : View

Products Affected

automatic1111

  • stable-diffusion-webui
CWE
CWE-400

Uncontrolled Resource Consumption