Bug 2211688 (CVE-2023-30798) - CVE-2023-30798 python-starlette: excessive memory usage
Summary: CVE-2023-30798 python-starlette: excessive memory usage
Keywords:
Status: NEW
Alias: CVE-2023-30798
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2211689
Blocks:
 
Reported: 2023-06-01 13:55 UTC by Marian Rehak
Modified: 2023-07-07 08:32 UTC (History)
0 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Marian Rehak 2023-06-01 13:55:22 UTC
The MultipartParser usage in Encode's Starlette Python framework before version 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files, which can cause excessive memory usage resulting in denial of service of the HTTP service.

https://vulncheck.com/advisories/starlette-multipartparser-dos
https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x
https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea1938fa

Comment 1 Marian Rehak 2023-06-01 13:55:36 UTC
Created python-starlette tracking bugs for this issue:

Affects: fedora-37 [bug 2211689]

