CVE-2023-30798

EUVD-2023-0244
There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
VulnCheckCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Affected Products (NVD)
VendorProductVersion
encodestarlette
𝑥
< 0.25.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
starlette
bookworm
0.26.1-1
fixed
bullseye
no-dsa
sid
0.41.3-2
fixed
trixie
0.41.3-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
starlette
bionic
dne
focal
dne
jammy
needs-triage
kinetic
ignored
lunar
not-affected
mantic
not-affected
noble
not-affected
oracular
not-affected
trusty
ignored
xenial
ignored
Common Weakness Enumeration
References
https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea1938fa
https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x
https://vulncheck.com/advisories/starlette-multipartparser-dos
https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea1938fa
https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x
https://vulncheck.com/advisories/starlette-multipartparser-dos