CVE-2024-12387 - Vulnerability Details - OpenCVE

A vulnerability in the binary-husky/gpt_academic repository, as of commit git 3890467, allows an attacker to crash the server by uploading a specially crafted zip bomb. The server decompresses the uploaded file and attempts to load it into memory, which can lead to an out-of-memory crash. This issue arises due to improper input validation when handling compressed file uploads.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Binary-husky	Gpt Academic

Configuration 1 [-]

cpe:2.3:a:binary-husky:gpt_academic:2024-10-15:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://huntr.com/bounties/02b4ab21-d29b-4cd7-ad80-f83081ce82a4

History

Thu, 31 Jul 2025 14:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:a:binary-husky:gpt_academic:2024-10-15:::::::*

Thu, 20 Mar 2025 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 20 Mar 2025 10:15:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in the binary-husky/gpt_academic repository, as of commit git 3890467, allows an attacker to crash the server by uploading a specially crafted zip bomb. The server decompresses the uploaded file and attempts to load it into memory, which can lead to an out-of-memory crash. This issue arises due to improper input validation when handling compressed file uploads.
Title		Improper Input Validation in binary-husky/gpt_academic
Weaknesses		CWE-20
References		https://huntr.com/bounties/02b4ab21-d29b-4cd7-ad80-f83081ce82a4
Metrics		cvssV3_0 `{'score': 6.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2025-03-20T10:11:21.371Z

Updated: 2025-03-20T13:06:27.128Z

Reserved: 2024-12-09T21:00:36.453Z

Link: CVE-2024-12387

Vulnrichment

Updated: 2025-03-20T13:06:17.969Z

NVD

Status : Analyzed

Published: 2025-03-20T10:15:28.010

Modified: 2025-07-31T14:30:28.583

Link: CVE-2024-12387

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-12387", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-12-09T21:00:36.453Z", "datePublished": "2025-03-20T10:11:21.371Z", "dateUpdated": "2025-03-20T13:06:27.128Z"}, "containers": {"cna": {"title": "Improper Input Validation in binary-husky/gpt_academic", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-03-20T10:11:21.371Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the binary-husky/gpt_academic repository, as of commit git 3890467, allows an attacker to crash the server by uploading a specially crafted zip bomb. The server decompresses the uploaded file and attempts to load it into memory, which can lead to an out-of-memory crash. This issue arises due to improper input validation when handling compressed file uploads."}], "affected": [{"vendor": "binary-husky", "product": "binary-husky/gpt_academic", "versions": [{"version": "unspecified", "status": "affected", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/02b4ab21-d29b-4cd7-ad80-f83081ce82a4"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-20 Improper Input Validation", "cweId": "CWE-20"}]}], "source": {"advisory": "02b4ab21-d29b-4cd7-ad80-f83081ce82a4", "discovery": "EXTERNAL"}}, "adp": [{"references": [{"url": "https://huntr.com/bounties/02b4ab21-d29b-4cd7-ad80-f83081ce82a4", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-20T13:06:23.564889Z", "id": "CVE-2024-12387", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T13:06:27.128Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-12387", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-20T13:06:23.564889Z"}}}], "references": [{"url": "https://huntr.com/bounties/02b4ab21-d29b-4cd7-ad80-f83081ce82a4", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T13:06:17.969Z"}}], "cna": {"title": "Improper Input Validation in binary-husky/gpt_academic", "source": {"advisory": "02b4ab21-d29b-4cd7-ad80-f83081ce82a4", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "binary-husky", "product": "binary-husky/gpt_academic", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/02b4ab21-d29b-4cd7-ad80-f83081ce82a4"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the binary-husky/gpt_academic repository, as of commit git 3890467, allows an attacker to crash the server by uploading a specially crafted zip bomb. The server decompresses the uploaded file and attempts to load it into memory, which can lead to an out-of-memory crash. This issue arises due to improper input validation when handling compressed file uploads."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-03-20T10:11:21.371Z"}}}, "cveMetadata": {"cveId": "CVE-2024-12387", "state": "PUBLISHED", "dateUpdated": "2025-03-20T13:06:27.128Z", "dateReserved": "2024-12-09T21:00:36.453Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2025-03-20T10:11:21.371Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:binary-husky:gpt_academic:2024-10-15:*:*:*:*:*:*:*", "matchCriteriaId": "6B6DCF58-F2C2-4491-92A8-BAC81C60A9A4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the binary-husky/gpt_academic repository, as of commit git 3890467, allows an attacker to crash the server by uploading a specially crafted zip bomb. The server decompresses the uploaded file and attempts to load it into memory, which can lead to an out-of-memory crash. This issue arises due to improper input validation when handling compressed file uploads."}, {"lang": "es", "value": "Una vulnerabilidad en el repositorio binary-husky/gpt_academic, a partir del commit git 3890467, permite a un atacante bloquear el servidor cargando una bomba zip especialmente manipulada. El servidor descomprime el archivo cargado e intenta cargarlo en memoria, lo que puede provocar un bloqueo por falta de memoria. Este problema surge debido a una validaci\u00f3n de entrada incorrecta al gestionar la carga de archivos comprimidos."}], "id": "CVE-2024-12387", "lastModified": "2025-07-31T14:30:28.583", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2025-03-20T10:15:28.010", "references": [{"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/02b4ab21-d29b-4cd7-ad80-f83081ce82a4"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/02b4ab21-d29b-4cd7-ad80-f83081ce82a4"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security@huntr.dev", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}