CVE - CVE-2024-24762

CVE-ID
CVE-2024-24762	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
`python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that process can't handle any more requests, leading to regular expression denial of service. This vulnerability has been patched in version 0.0.7.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://github.com/Kludex/python-multipart/commit/20f0ef6b4e4caf7d69a667c54dff57fe467109a4 URL:https://github.com/Kludex/python-multipart/commit/20f0ef6b4e4caf7d69a667c54dff57fe467109a4 MISC:https://github.com/Kludex/python-multipart/security/advisories/GHSA-2jv5-9r88-3w3p URL:https://github.com/Kludex/python-multipart/security/advisories/GHSA-2jv5-9r88-3w3p MISC:https://github.com/andrew-d/python-multipart/blob/d3d16dae4b061c34fe9d3c9081d9800c49fc1f7a/multipart/multipart.py#L72-L74 URL:https://github.com/andrew-d/python-multipart/blob/d3d16dae4b061c34fe9d3c9081d9800c49fc1f7a/multipart/multipart.py#L72-L74 MISC:https://github.com/encode/starlette/commit/13e5c26a27f4903924624736abd6131b2da80cc5 URL:https://github.com/encode/starlette/commit/13e5c26a27f4903924624736abd6131b2da80cc5 MISC:https://github.com/encode/starlette/security/advisories/GHSA-93gm-qmq6-w238 URL:https://github.com/encode/starlette/security/advisories/GHSA-93gm-qmq6-w238 MISC:https://github.com/tiangolo/fastapi/commit/9d34ad0ee8a0dfbbcce06f76c2d5d851085024fc URL:https://github.com/tiangolo/fastapi/commit/9d34ad0ee8a0dfbbcce06f76c2d5d851085024fc MISC:https://github.com/tiangolo/fastapi/releases/tag/0.109.1 URL:https://github.com/tiangolo/fastapi/releases/tag/0.109.1 MISC:https://github.com/tiangolo/fastapi/security/advisories/GHSA-qf9m-vfgh-m389 URL:https://github.com/tiangolo/fastapi/security/advisories/GHSA-qf9m-vfgh-m389
Assigning CNA
GitHub (maintainer security advisories)
Date Record Created
20240129	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240129)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)