# Full Report
The vulnerability, described by a researcher as “bad programming,” allows an attacker to send unlimited connection requests through ChatGPT’s API. The post ‘Severe’ bug in ChatGPT’s API could be used to DDoS websites appeared first on CyberScoop.
# Analysis Summary
# Vulnerability: Amplification Flaw in ChatGPT API Enables Potential DDoS Attacks
## CVE Details
- CVE ID: Not specified in the provided text.
- CVSS Score: 8.6 (High)
- CWE: Not specified in the provided text (likely related to improper input validation or resource handling).
## Affected Systems
- Products: ChatGPT API (OpenAI backend servers processing HTTP POST requests).
- Versions: The specific vulnerable endpoint/version is not detailed, but the issue resided in how the API processed the `URLs` parameter.
- Configurations: Any configuration utilizing the API endpoint that processes URLs within HTTP POST requests.
## Vulnerability Description
The vulnerability stems from "bad programming" in the ChatGPT API endpoint responsible for processing HTTP POST requests containing embedded URLs. Specifically, there was no limit set on the number of URLs that could be included in a single request via the `URLs` parameter. An attacker could exploit this by sending a single request containing thousands of hyperlinks. When the API processes these requests, the resulting outgoing connection attempts from OpenAI's (and Microsoft's) servers to the targeted victim websites could overwhelm the victim's infrastructure, effectively amplifying the attack traffic.
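The missing control described above is a bound on the request-supplied URL list. The following validator is an added example (not OpenAI's code) showing the kind of check a URL-fetching endpoint should apply before any outbound connection is made: a hard cap on list length, collapsing of duplicates, a per-host limit so one request cannot fan out against a single target, and a scheme allow-list. The limit values are assumed policy numbers, not values from the advisory.

```python
# Added example (not OpenAI's code): a defensive validator for a request-supplied
# list of URLs. The cap, the per-host limit and the scheme allow-list are assumed
# policy values chosen for illustration, not values taken from the advisory.
from urllib.parse import urlsplit
from collections import Counter

MAX_URLS_PER_REQUEST = 10   # assumed policy: hard cap on list length
MAX_URLS_PER_HOST = 2       # assumed policy: limits fan-out against one target
ALLOWED_SCHEMES = {"http", "https"}


def validate_url_list(urls):
    """Return (accepted_urls, rejection_reason); rejection_reason is None on success.

    The whole request is rejected rather than silently truncated, so a caller
    that sends thousands of links gets an error instead of partial fan-out."""
    if not isinstance(urls, list):
        return [], "urls must be a list"
    if len(urls) > MAX_URLS_PER_REQUEST:
        return [], f"too many urls: {len(urls)} > {MAX_URLS_PER_REQUEST}"
    accepted = []
    per_host = Counter()
    seen = set()
    for u in urls:
        if not isinstance(u, str):
            return [], "url entries must be strings"
        parts = urlsplit(u)
        if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
            return [], f"unsupported url: {u!r}"
        if u in seen:
            continue  # duplicates are collapsed, never fetched twice
        seen.add(u)
        host = parts.hostname.lower()
        per_host[host] += 1
        if per_host[host] > MAX_URLS_PER_HOST:
            return [], f"too many urls for host {host}"
        accepted.append(u)
    return accepted, None
```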
## Exploitation
- Status: PoC available (Proof-of-concept code was demonstrated against a local host).
- Complexity: Low
- Attack Vector: Network (Relies on the API endpoint; the amplification factor makes network-based DDoS feasible).
## Impact
- Confidentiality: Unknown/Not directly targeted.
- Integrity: Potential for Denial of Service against target websites.
- Availability: High potential to cause Denial of Service (DDoS) against targeted external websites due to traffic amplification from OpenAI's servers.
## Remediation
### Patches
- OpenAI has **disabled the vulnerable endpoint** as a mitigation step.
### Workarounds
- No formal workarounds were explicitly provided, as the endpoint was disabled. Developers relying on this functionality would need to update their integration method or utilize alternative APIs if applicable.
## Detection
- **Indicators of compromise:** High, unusual volume of connection requests originating from OpenAI/Microsoft infrastructure directed at an external web resource.
- **Detection methods and tools:** Standard DDoS monitoring tools that watch for ingress traffic spikes, particularly request patterns originating from the well-known cloud provider IP ranges associated with OpenAI/Microsoft services.
## References
- Research Documentation: hXXps://github.com/bf/security-advisories/blob/main/2025-01-ChatGPT-Crawler-Reflective-DDOS-Vulnerability.md
- Vendor Advisory/Status: Mentioned that the issue was reported to OpenAI and Microsoft, and OpenAI disabled the endpoint.