Bug 2211688 (CVE-2023-30798)

Summary: CVE-2023-30798 python-starlette: excessive memory usage
Product: [Other] Security Response
Reporter: Marian Rehak <mrehak>
Component: vulnerability
Assignee: Nobody <nobody>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
Keywords: Security
Hardware: All
OS: Linux
Bug Depends On: 2211689

Description Marian Rehak 2023-06-01 13:55:22 UTC
The MultipartParser usage in Encode's Starlette Python framework before version 0.25.0 allows an unauthenticated, remote attacker to specify any number of form fields or files, which can cause excessive memory usage resulting in denial of service of the HTTP service.

https://vulncheck.com/advisories/starlette-multipartparser-dos
https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x
https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea1938fa
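
The mitigation class behind this bug, as an added illustration that is not Starlette's code or part of the original report: a small multipart/form-data parser that counts parts and rejects the request before allocating per-part storage once a field or file limit is exceeded. The function names, the limits and the sample bodies are assumptions constructed for the example.

```python
import tempfile

class TooManyParts(ValueError):
    """Raised before storage is allocated for a part beyond the configured limit."""

def parse_multipart_bounded(body: bytes, boundary: bytes,
                            max_fields: int = 1000, max_files: int = 1000):
    """Parse a multipart/form-data body into (fields, files) with hard part limits.
    Each part costs more than its bytes (a dict entry, a spooled temp file for an
    upload), so counters are checked before per-part storage is created and an
    unbounded number of parts fails fast instead of growing memory per boundary."""
    fields, files = {}, {}
    n_fields = n_files = 0
    delimiter = b"\r\n--" + boundary
    # Prefix a CRLF so the first boundary matches like the rest; chunk 0 is preamble.
    for chunk in (b"\r\n" + body).split(delimiter)[1:]:
        if chunk.startswith(b"--"):
            break  # closing "--boundary--": no more parts
        head, _, payload = chunk[2:].partition(b"\r\n\r\n")  # drop CRLF after boundary
        disposition = next((h for h in head.split(b"\r\n")
                            if h.lower().startswith(b"content-disposition:")), b"")
        params = {}
        for item in disposition.split(b";")[1:]:
            key, _, value = item.strip().partition(b"=")
            params[key] = value.strip(b'"')
        name = params.get(b"name", b"").decode()
        if b"filename" in params:
            n_files += 1
            if n_files > max_files:
                raise TooManyParts(f"more than {max_files} file parts")
            spooled = tempfile.SpooledTemporaryFile(max_size=1024 * 1024)
            spooled.write(payload)
            spooled.seek(0)
            files[name] = spooled
        else:
            n_fields += 1
            if n_fields > max_fields:
                raise TooManyParts(f"more than {max_fields} form fields")
            fields[name] = payload.decode()
    return fields, files

def build_body(boundary: bytes, parts):
    """Constructed sample body; parts are (name, value, filename or None) tuples."""
    out = b""
    for name, value, filename in parts:
        out += b"--" + boundary + b'\r\nContent-Disposition: form-data; name="' + name + b'"'
        if filename is not None:
            out += b'; filename="' + filename + b'"'
        out += b"\r\n\r\n" + value + b"\r\n"
    return out + b"--" + boundary + b"--\r\n"
```

The limits only bound per-part overhead; a separate cap on total body size is still needed for the raw bytes.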

Comment 1 Marian Rehak 2023-06-01 13:55:36 UTC
Created python-starlette tracking bugs for this issue:

Affects: fedora-37 [bug 2211689]