Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small number of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses request.data, request.form, request.files, or request.get_data(parse_form_data=False), it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out-of-memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers.
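As an added illustration of the mitigation (example code, not Werkzeug's or Red Hat's): a stdlib-only WSGI middleware that caps the number of multipart parts before the framework's parser runs, the same limit the upstream fix exposes as Request.max_form_parts (default 1000) in werkzeug 2.2.3, for deployments that cannot upgrade immediately. The 10 MiB buffered-body cap, the boundary name and the sample bodies are assumptions.

```python
import re
from io import BytesIO
_BOUNDARY_RE = re.compile(r'boundary="?([^";]+)"?', re.IGNORECASE)

def count_multipart_parts(content_type, body):
    m = _BOUNDARY_RE.search(content_type or "")
    if not m:
        return 0
    delim = re.escape(m.group(1).encode("latin-1"))
    line_re = re.compile(rb"^--" + delim + rb"(--)?[ \t]*\r?$", re.MULTILINE)  # one linear scan
    parts = 0
    for hit in line_re.finditer(body):
        if hit.group(1):  # "--boundary--" closes the body; nothing after it is a part
            break
        parts += 1
    return parts

def limit_multipart_parts(app, max_parts=1000, max_body=10 * 1024 * 1024):
    """WSGI guard; 1000 is werkzeug 2.2.3's max_form_parts default, max_body (10 MiB) is assumed."""
    def reject(start_response):
        start_response("413 Request Entity Too Large", [("Content-Type", "text/plain")])
        return [b"rejected"]
    def middleware(environ, start_response):
        ctype = environ.get("CONTENT_TYPE", "")
        if not ctype.lower().startswith("multipart/form-data"):
            return app(environ, start_response)
        raw = str(environ.get("CONTENT_LENGTH") or "")
        length = int(raw) if raw.isdigit() else None  # None: no usable Content-Length
        if length is not None and length > max_body:
            return reject(start_response)
        body = environ["wsgi.input"].read(max_body + 1 if length is None else length)
        if len(body) > max_body or count_multipart_parts(ctype, body) > max_parts:
            return reject(start_response)
        environ["wsgi.input"] = BytesIO(body)  # replay the buffered body for the app
        return app(environ, start_response)
    return middleware

def echo_app(environ, start_response):  # stand-in application for the demo
    start_response("200 OK", [("Content-Type", "application/octet-stream")])
    return [environ["wsgi.input"].read()]
def build_multipart(n, boundary="xyz"):  # constructed sample body with n one-byte fields
    part = b'--%s\r\nContent-Disposition: form-data; name="f"\r\n\r\nv\r\n' % boundary.encode()
    return part * n + b"--%s--\r\n" % boundary.encode()

def post(app, body, boundary="xyz"):  # drive a WSGI app; returns (status line, response body)
    env = {"REQUEST_METHOD": "POST", "wsgi.input": BytesIO(body), "CONTENT_LENGTH": str(len(body)),
           "CONTENT_TYPE": "multipart/form-data; boundary=" + boundary}
    seen = []
    out = b"".join(app(env, lambda status, headers: seen.append(status)))
    return seen[0], out
```

The guard costs one pass over a bounded body, so it cannot be turned into the same CPU sink as the full parser it protects.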
Created cascadia-code-fonts tracking bugs for this issue:
Affects: fedora-36 [bug 2170248]

Created jetbrains-mono-fonts tracking bugs for this issue:
Affects: fedora-36 [bug 2170250]

Created mingw-python-werkzeug tracking bugs for this issue:
Affects: fedora-all [bug 2170261]

Created mote tracking bugs for this issue:
Affects: epel-7 [bug 2170244]

Created ndiscover-exo-2-fonts tracking bugs for this issue:
Affects: fedora-37 [bug 2170262]

Created openstack-vitrage tracking bugs for this issue:
Affects: openstack-rdo [bug 2170264]

Created oraculum tracking bugs for this issue:
Affects: fedora-36 [bug 2170253]

Created python-flask-caching tracking bugs for this issue:
Affects: fedora-36 [bug 2170255]

Created python-tilestache tracking bugs for this issue:
Affects: fedora-36 [bug 2170256]

Created python-werkzeug tracking bugs for this issue:
Affects: fedora-all [bug 2170259]
Affects: openstack-rdo [bug 2170266]

Created python3-werkzeug tracking bugs for this issue:
Affects: epel-7 [bug 2170246]
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 17.0

Via RHSA-2023:1018 https://access.redhat.com/errata/RHSA-2023:1018
Patch: https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1

Fixed in werkzeug-2.2.3
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 16.1
  Red Hat OpenStack Platform 16.2
  Red Hat OpenStack Platform 13.0 Octavia - ELS

Via RHSA-2023:1281 https://access.redhat.com/errata/RHSA-2023:1281
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2023-25577
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:1325 https://access.redhat.com/errata/RHSA-2023:1325
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:7473 https://access.redhat.com/errata/RHSA-2023:7473
This issue has been addressed in the following products:

  Red Hat Quay 3

Via RHSA-2023:7341 https://access.redhat.com/errata/RHSA-2023:7341