Main Vulnerability Database Vulnerabilities #VU75607

#VU75607 Resource exhaustion in starlette - CVE-2023-30798

Published: May 1, 2023

Vulnerability identifier: #VU75607

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-30798

CWE-ID: CWE-400

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
starlette

Software vendor:
Encode

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service.

Remediation

Install updates from vendor's website.

External links

https://vulncheck.com/advisories/starlette-multipartparser-dos
https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x
https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea1938fa