CVE-2024-8984: CWE-770 Allocation of Resources Without Limits or Throttling in berriai berriai/litellm
A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource consumption and rendering the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service.
AI Analysis
Technical Summary
CVE-2024-8984 is a Denial of Service vulnerability affecting berriai/litellm version v1.44.5, caused by improper resource allocation controls during HTTP multipart request processing. Specifically, the vulnerability is triggered when an attacker appends extra characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server's multipart parser continuously processes each appended character without limits or throttling, leading to excessive CPU and memory consumption. This results in resource exhaustion, causing the service to become unresponsive or crash, effectively denying service to legitimate users. The vulnerability does not require any authentication or user interaction, allowing unauthenticated remote attackers to exploit it easily. The issue is classified under CWE-770, which involves allocation of resources without proper limits, a common cause of DoS conditions. Although no public exploits have been reported yet, the vulnerability's characteristics make it a significant risk, especially for publicly accessible services using the affected library. The CVSS v3.0 score of 7.5 reflects its high impact on availability with low attack complexity and no required privileges or user interaction.
Potential Impact
For European organizations, this vulnerability poses a significant risk to the availability of services relying on berriai/litellm, particularly those exposing HTTP multipart processing functionalities. Organizations in sectors such as cloud services, web hosting, software development, and any enterprise integrating this library into their applications could face service disruptions. The unauthenticated and remote nature of the exploit increases the likelihood of opportunistic attacks, potentially leading to downtime, loss of customer trust, and operational disruptions. Critical infrastructure providers or public-facing services in Europe could be targeted to cause widespread service outages. Additionally, the resource exhaustion could lead to cascading failures in dependent systems or increased operational costs due to mitigation efforts and incident response. The lack of known patches or exploits in the wild suggests a window of opportunity for attackers before organizations implement fixes.
Mitigation Recommendations
European organizations should first identify all instances of berriai/litellm in their environments, especially version v1.44.5 or unspecified affected versions. Until an official patch is released, implement network-level protections such as rate limiting and deep packet inspection to detect and block malformed multipart HTTP requests with suspicious boundary characters. Deploy Web Application Firewalls (WAFs) configured to recognize and mitigate abnormal multipart boundary patterns. Monitor server resource usage closely to detect early signs of exploitation attempts. Consider isolating or sandboxing services that process multipart requests to limit the blast radius of potential DoS attacks. Engage with the vendor or open-source maintainers to obtain or contribute to patches addressing the vulnerability. Finally, update incident response plans to include detection and mitigation strategies for multipart boundary-based DoS attacks.
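As an added example (not code from the litellm project or from this advisory), the following Python pre-parser guard implements the kind of check the recommendations above call for: it enforces the RFC 2046 boundary constraints on the Content-Type header and rejects any delimiter line in the body that carries trailing characters beyond the closing `--`, so a request of the malformed shape described in the summary is dropped before it ever reaches the multipart parser. The function names and the sample request (boundary `b0undary42`) are constructed for illustration.

```python
import re
from typing import Optional

# RFC 2046 section 5.1.1: a boundary is 1 to 70 characters drawn from this
# set and must not end with a space.
_BOUNDARY_RE = re.compile(r"^[0-9A-Za-z'()+_,\-./:=? ]{1,70}$")


def boundary_from_content_type(content_type: str) -> Optional[str]:
    """Extract the boundary parameter from a multipart Content-Type header."""
    m = re.search(r';\s*boundary="?([^";]+)"?', content_type)
    return m.group(1) if m else None


def boundary_is_valid(boundary: str) -> bool:
    return bool(_BOUNDARY_RE.match(boundary)) and not boundary.endswith(" ")


def check_multipart_request(content_type: str, body: bytes) -> str:
    """Return 'ok' or a short reason to reject the request before parsing it."""
    boundary = boundary_from_content_type(content_type)
    if boundary is None:
        return "missing boundary"
    if not boundary_is_valid(boundary):
        return "boundary violates RFC 2046"
    delim = b"--" + boundary.encode("ascii")
    for line in body.split(b"\r\n"):
        if not line.startswith(delim):
            continue
        # After the delimiter only "--" (close delimiter) plus optional
        # transport padding is legitimate; anything else, such as a run of
        # extra dashes, is the malformed pattern and is rejected up front.
        tail = line[len(delim):].strip(b" \t")
        if tail not in (b"", b"--"):
            return "delimiter line has trailing garbage"
    return "ok"


# Constructed sample request (hypothetical boundary value).
SAMPLE_CT = 'multipart/form-data; boundary="b0undary42"'
GOOD_BODY = (
    b"--b0undary42\r\n"
    b'Content-Disposition: form-data; name="file"; filename="a.txt"\r\n\r\n'
    b"hello\r\n"
    b"--b0undary42--\r\n"
)
# Same request with extra dashes appended to the closing delimiter.
BAD_BODY = GOOD_BODY.replace(b"--b0undary42--", b"--b0undary42" + b"-" * 40)

if __name__ == "__main__":
    print(check_multipart_request(SAMPLE_CT, GOOD_BODY))  # ok
    print(check_multipart_request(SAMPLE_CT, BAD_BODY))   # delimiter line has trailing garbage
```

The check is deliberately conservative: a body line that begins with the delimiter but is not a valid part or close delimiter is treated as malformed, which RFC 2046 already forbids inside encapsulated data.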
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: @huntr_ai
- Date Reserved: 2024-09-18T20:50:25.840Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 68ef9b2e178f764e1f470e95
Added to database: 10/15/2025, 1:01:34 PM
Last enriched: 10/15/2025, 1:08:56 PM
Last updated: 1/19/2026, 7:59:48 AM