CVE-2024-8939 — Vulnetix

CVE-2024-8939 PUBLISHED CVSS 6.199999809265137 MEDIUM

vLLM Denial of Service via the best_of parameter

EPSS 0.03% · 7.5th percentile

Risk Scores

CVSS v3.1

6.199999809265137

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.03%

7.5th percentile

Affected Products

Vendor	Product	Versions
Red Hat	Red Hat Enterprise Linux AI (RHEL AI)
Red Hat	Red Hat Enterprise Linux AI (RHEL AI)
PyPI	vllm	0
		0

Timeline

Sep 17, 2024 CVE Published
Sep 18, 2024 EPSS Score
Oct 5, 2024 Coalition ESS Score
Oct 8, 2024 EPSS Score
Oct 27, 2024 EPSS Score
Nov 16, 2024 EPSS Score
Dec 6, 2024 EPSS Score
Dec 26, 2024 EPSS Score
Jan 14, 2025 EPSS Score
Feb 3, 2025 EPSS Score
Feb 22, 2025 EPSS Score
Mar 14, 2025 EPSS Score

References

https://access.redhat.com/security/cve/CVE-2024-8939 vdb
RHBZ#2312782 issue
https://nvd.nist.gov/vuln/detail/CVE-2024-8939 advisory
https://github.com/vllm-project/vllm/issues/6137 url
https://github.com/vllm-project/vllm package

Open in Interactive Console →

$ Console Community · 100/wk Open console ›