CVE-2024-58340 identifies a regular expression denial-of-service (ReDoS) vulnerability in the LangChain AI LangChain library, specifically affecting versions up to and including 0.3.1. The vulnerability resides in the MRKLOutputParser.parse() method located in libs/langchain/langchain/agents/mrkl/output_parser.py. This method employs a regular expression that is prone to excessive backtracking when parsing model-generated output to extract tool actions. An attacker who can supply or influence the input text—commonly through prompt injection attacks in downstream applications that feed large language model (LLM) outputs directly into this parser—can craft malicious payloads designed to exploit the regex inefficiency. When processed, these payloads cause the regex engine to consume excessive CPU resources, leading to significant delays in parsing and potentially causing denial-of-service (DoS) conditions by exhausting system resources. The vulnerability requires no authentication or user interaction, and the attack vector is network accessible, as it depends on influencing the input text processed by the parser. Although no public exploits have been reported, the high CVSS 8.7 score reflects the ease of exploitation and the high impact on availability. The root cause is classified under CWE-1333, which pertains to inefficient regular expression complexity leading to performance degradation. This vulnerability highlights the risks of using complex regex patterns without safeguards in AI-driven parsing components.

The primary impact of CVE-2024-58340 is a denial-of-service condition caused by excessive CPU consumption during parsing operations. Organizations deploying LangChain in AI workflows, especially those that process untrusted or user-influenced input, face risks of service degradation or outages. This can disrupt critical AI-driven automation, decision-making processes, or customer-facing applications relying on LangChain. The vulnerability could be exploited remotely without authentication, increasing the attack surface. In environments with high concurrency, the resource exhaustion could cascade, affecting other services and causing broader operational impacts. Additionally, the inability to parse outputs efficiently may degrade user experience and reduce trust in AI services. While confidentiality and integrity impacts are not directly implicated, availability degradation alone can have severe business consequences, including financial loss, reputational damage, and compliance issues. The lack of known exploits currently provides a window for proactive mitigation before widespread attacks emerge.

To mitigate CVE-2024-58340, organizations should first upgrade LangChain to a version where this vulnerability is patched once available. In the absence of an official patch, developers should consider refactoring or replacing the vulnerable regular expression in MRKLOutputParser.parse() with more efficient parsing logic that avoids backtracking-prone patterns. Implementing input validation and sanitization to restrict or sanitize user-influenced inputs before they reach the parser can reduce attack surface. Employing rate limiting and resource usage monitoring on services that invoke LangChain parsing can help detect and mitigate abuse attempts. Additionally, isolating LangChain processing in resource-constrained environments (e.g., containers with CPU limits) can prevent system-wide resource exhaustion. Security teams should also review application architectures to minimize direct injection of untrusted inputs into AI model outputs that feed into vulnerable parsing components. Finally, monitoring for anomalous CPU spikes and parsing delays can provide early warning of exploitation attempts.