Cyber Resilience

CVE-2024-58339

High · Public PoC · DDoS

Published: 12 January 2026

Modified: 21 January 2026
CVSS Score (v4): 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0057 (42.6th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2024-58339 is a high-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in LlamaIndex (catalogued as Llamaindex Llamaindex). Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE is ranked at the 42.6th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

This vulnerability is AI-related: it is categorised as NLP and Transformers, in the Other ATLAS/OWASP Terms risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).

Deeper analysis

CVE-2024-58339 is an uncontrolled resource consumption vulnerability (CWE-770) affecting LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2. The issue resides in the VannaPack VannaQueryEngine implementation, specifically within the custom_query() function in llama_index/packs/vanna/base.py. This logic generates SQL statements from user-supplied prompts and executes them via vn.run_sql() without enforcing query execution limits, enabling resource exhaustion.

The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity due to its potential for denial-of-service. Remote attackers require no privileges or user interaction and can exploit it over the network with low complexity. In downstream deployments where untrusted users provide prompts to the VannaQueryEngine, an attacker can supply crafted prompts that generate expensive or unbounded SQL operations, exhausting CPU or memory resources and causing a denial-of-service condition.

Advisories from sources including VulnCheck, Huntr, and the LlamaIndex GitHub repository detail the vulnerability and its exploitation path. Security practitioners should consult these references—such as https://www.vulncheck.com/advisories/llamaindex-vannaqueryengine-sql-execution-allows-resource-exhaustion and https://huntr.com/bounties/a1d6c30d-fce0-412a-bd22-14e0d4c1fa1f—for guidance on identifying affected deployments and implementing mitigations like input validation or query limits.

This issue is particularly relevant to AI/ML workflows, as LlamaIndex is a framework for building LLM-powered applications, potentially exposing data querying interfaces in production RAG systems to resource exhaustion attacks. No real-world exploitation has been reported in the provided details.

Vulnerability details

LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The custom_query() logic generates SQL statements from a user-supplied prompt and executes them via vn.run_sql() without enforcing query execution limits. In downstream deployments where untrusted users can supply prompts, an attacker can trigger expensive or unbounded SQL operations that exhaust CPU or memory resources, resulting in a denial-of-service condition. The vulnerable execution path occurs in llama_index/packs/vanna/base.py within custom_query().

CWE(s)

CWE-770 Allocation of Resources Without Limits or Throttling

AI Security Analysis

AI Category
NLP and Transformers
Risk Domain
Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: llamaindex

Related Threats

MITRE ATT&CK Enterprise Techniques

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Uncontrolled resource consumption via crafted prompts enables application exhaustion through exploitation of the VannaQueryEngine SQL execution path.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-14021 - Same product: Llamaindex Llamaindex
CVE-2024-12909 - Same product: Llamaindex Llamaindex
CVE-2025-0315 - Shared CWE-770
CVE-2021-47877 - Shared CWE-770
CVE-2021-47784 - Shared CWE-770
CVE-2021-47793 - Shared CWE-770
CVE-2021-47895 - Shared CWE-770
CVE-2026-23490 - Shared CWE-770
CVE-2026-31866 - Shared CWE-770
CVE-2026-33260 - Shared CWE-770

Affected Assets

llamaindex llamaindex ≤ 0.12.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent · detect

SC-5 directly protects against denial-of-service from unbounded SQL queries by limiting effects of resource exhaustion attacks triggered by malicious prompts.

prevent

SC-6 ensures resource availability by enforcing quotas and prioritization on CPU and memory during execution of user-prompt-generated SQL statements.

prevent

SI-10 mitigates the vulnerability by validating user-supplied prompts to inhibit generation of expensive or unbounded SQL operations.
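The controls above (SC-5, SC-6, SI-10) all come down to one engineering change on the custom_query() / vn.run_sql() path described earlier: an LLM-generated statement must be executed on a connection that cannot write, under a time budget and with a hard cap on the rows it may materialise. The following Python is an added example written for this page, not code from LlamaIndex, Vanna or the referenced advisories; it uses only the standard sqlite3 module, a constructed in-memory `orders` table standing in for the real database, and hypothetical helper names (`harden_connection`, `run_sql_bounded`, `classify`). The read-only authorizer and the progress-handler deadline are sqlite3 features; the equivalent on a server database would be a read-only role plus a statement timeout.

```python
import sqlite3
import time


class QueryBudgetExceeded(RuntimeError):
    """Raised when a generated statement runs past its time budget."""


# Authorizer actions a read-only analytics query legitimately needs.
# Everything else (INSERT, UPDATE, DELETE, DROP, PRAGMA, ATTACH, ...) is
# denied, so the connection cannot become a write path even when the
# LLM-generated text is not a plain SELECT.
READ_ONLY_ACTIONS = {
    sqlite3.SQLITE_SELECT,
    sqlite3.SQLITE_READ,
    sqlite3.SQLITE_FUNCTION,
    # Recursive CTEs report a dedicated action; the fallback value 33 is an
    # assumption for older bindings that do not export the constant.
    getattr(sqlite3, "SQLITE_RECURSIVE", 33),
}


def _read_only_authorizer(action, _arg1, _arg2, _dbname, _source):
    return sqlite3.SQLITE_OK if action in READ_ONLY_ACTIONS else sqlite3.SQLITE_DENY


def harden_connection(conn):
    """Install the read-only authorizer once; it stays on for the connection's life."""
    conn.set_authorizer(_read_only_authorizer)
    return conn


def run_sql_bounded(conn, sql, max_rows=1000, timeout_s=0.5):
    """Execute one generated statement under a time budget and a row cap.

    Returns (rows, truncated). Raises QueryBudgetExceeded when the statement
    runs longer than timeout_s and PermissionError when it is not read-only.
    """
    deadline = time.monotonic() + timeout_s

    def on_progress():
        # Called every 1000 VM steps; a non-zero return aborts the statement.
        return 1 if time.monotonic() > deadline else 0

    conn.set_progress_handler(on_progress, 1000)
    try:
        # sqlite3 refuses stacked statements ("SELECT 1; DROP ...") in execute().
        cur = conn.execute(sql)
        # Fetch one row past the cap so the caller learns the result was cut
        # off instead of silently materialising an unbounded result set.
        rows = cur.fetchmany(max_rows + 1)
        return rows[:max_rows], len(rows) > max_rows
    except sqlite3.DatabaseError as exc:
        msg = str(exc).lower()
        if "interrupted" in msg:
            raise QueryBudgetExceeded(f"query exceeded {timeout_s}s budget") from exc
        if "not authorized" in msg:
            raise PermissionError("generated SQL attempted a non-read action") from exc
        raise
    finally:
        conn.set_progress_handler(None, 0)


def classify(conn, sql, **limits):
    """Run a statement and return 'ok', 'budget_exceeded' or 'denied' for logging."""
    try:
        run_sql_bounded(conn, sql, **limits)
        return "ok"
    except QueryBudgetExceeded:
        return "budget_exceeded"
    except PermissionError:
        return "denied"


def build_demo_db():
    """Constructed in-memory sample data standing in for the Vanna-connected database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, amount REAL)")
    conn.executemany("INSERT INTO orders (amount) VALUES (?)",
                     [(i * 1.5,) for i in range(5000)])
    conn.commit()
    # Harden only after seeding: the authorizer would deny the CREATE/INSERT above.
    return harden_connection(conn)


if __name__ == "__main__":
    db = build_demo_db()
    print(run_sql_bounded(db, "SELECT count(*) FROM orders"))
    print(run_sql_bounded(db, "SELECT id FROM orders", max_rows=10)[1])  # truncated
    never_ends = ("WITH RECURSIVE c(x) AS (SELECT 1 UNION ALL SELECT x + 1 FROM c) "
                  "SELECT count(*) FROM c")
    print(classify(db, never_ends, timeout_s=0.2))
    print(classify(db, "DROP TABLE orders"))
```

The row cap and the deadline address the availability impact (SC-5, SC-6); the authorizer is the connection-level complement to prompt validation (SI-10), because it holds even when a model produces a statement the prompt filter did not anticipate. The `classify` outcome is what a deployment should log per request, so a burst of `budget_exceeded` results from one caller becomes a detectable signal rather than a silent outage.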
