Bug 1211993 (CVE-2023-30798) - VUL-0: CVE-2023-30798: python-starlette: excessive memory usage
Summary: VUL-0: CVE-2023-30798: python-starlette: excessive memory usage
Status: RESOLVED FIXED
Alias: CVE-2023-30798
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Version: Leap 15.4
Hardware: Other Other
Priority: P5 - None
Severity: Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: E-mail List
URL: https://smash.suse.de/issue/364211/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-06-05 07:27 UTC by Gabriele Sonnu
Modified: 2023-06-05 07:29 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
Description Gabriele Sonnu 2023-06-05 07:27:46 UTC
CVE-2023-30798

The MultipartParser usage in Encode's Starlette python framework before
version 0.25.0 allows an unauthenticated and remote attacker to specify any
number of form fields or files which can cause excessive memory usage resulting
in denial of service of the HTTP service.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30798
https://bugzilla.redhat.com/show_bug.cgi?id=2211688
https://www.cve.org/CVERecord?id=CVE-2023-30798
https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea1938fa
https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x
https://vulncheck.com/advisories/starlette-multipartparser-dos
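The following is an added example, not code from the Starlette project and not part of this bug report. It is a minimal multipart/form-data parser showing the failure mode the CVE describes (an attacker-chosen number of parts is parsed and held in memory) beside the fix pattern Starlette 0.25.0 adopted, which was to add max_fields and max_files keyword arguments (default 1000) to Request.form() and the multipart parser and reject the request once a cap is exceeded. The function names, the MultiPartLimitExceeded exception, the Part class and the constructed request bodies below are assumptions made for this illustration; only the default cap of 1000 mirrors Starlette.

```python
"""Added example (not Starlette's code, not part of this bug report).

A minimal multipart/form-data parser that shows the CVE-2023-30798 failure
mode and the fix pattern Starlette 0.25.0 adopted: count form fields and
file parts as they are parsed and reject the request once a cap is
exceeded, instead of buffering an attacker-chosen number of parts.  The
function names, the exception type and the sample bodies are constructed
for this illustration; only the default of 1000 mirrors Starlette's
max_fields / max_files.
"""
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional


class MultiPartLimitExceeded(Exception):
    """Request carries more form parts than the server is willing to hold."""


@dataclass
class Part:
    name: str
    filename: Optional[str]   # None for an ordinary field, set for a file
    data: bytes


_DISPOSITION = re.compile(rb'name="([^"]*)"(?:;\s*filename="([^"]*)")?')


def _iter_raw_parts(body: bytes, boundary: bytes) -> Iterator[bytes]:
    """Yield each part (headers + data) between boundary delimiters, lazily."""
    delimiter = b"--" + boundary
    pos = body.find(delimiter)
    while pos != -1:
        pos += len(delimiter)
        if body.startswith(b"--", pos):        # closing delimiter: done
            return
        nxt = body.find(delimiter, pos)
        if nxt == -1:
            raise ValueError("unterminated multipart body")
        yield body[pos:nxt]
        pos = nxt


def parse_multipart(body: bytes, boundary: bytes, *,
                    max_fields: Optional[int] = 1000,
                    max_files: Optional[int] = 1000) -> List[Part]:
    """Parse a multipart body, enforcing caps on fields and files.

    Passing None for a cap reproduces the pre-0.25.0 behaviour the CVE
    describes: every part the client sends is parsed and kept in memory.
    """
    parts: List[Part] = []
    n_fields = n_files = 0
    for raw in _iter_raw_parts(body, boundary):
        header_blob, _, data = raw.lstrip(b"\r\n").partition(b"\r\n\r\n")
        m = _DISPOSITION.search(header_blob)
        if m is None:
            raise ValueError("part without a Content-Disposition name")
        name = m.group(1).decode()
        filename = m.group(2).decode() if m.group(2) is not None else None
        # The check runs before the part is stored, so a flood of tiny parts
        # fails fast instead of growing `parts` (and, in a real server, the
        # per-file temporary storage) without bound.
        if filename is None:
            n_fields += 1
            if max_fields is not None and n_fields > max_fields:
                raise MultiPartLimitExceeded(f"more than {max_fields} fields")
        else:
            n_files += 1
            if max_files is not None and n_files > max_files:
                raise MultiPartLimitExceeded(f"more than {max_files} files")
        parts.append(Part(name, filename, data.rstrip(b"\r\n")))
    return parts


def build_body(boundary: bytes, n_fields: int, n_files: int = 0) -> bytes:
    """Construct a body of many one-byte parts, as an attacker would send."""
    chunks = []
    for i in range(n_fields):
        chunks.append(b"--%s\r\nContent-Disposition: form-data; name=\"f%d\""
                      b"\r\n\r\nx\r\n" % (boundary, i))
    for i in range(n_files):
        chunks.append(b"--%s\r\nContent-Disposition: form-data; name=\"up\"; "
                      b"filename=\"a%d\"\r\nContent-Type: application/octet-stream"
                      b"\r\n\r\ny\r\n" % (boundary, i))
    chunks.append(b"--%s--\r\n" % boundary)
    return b"".join(chunks)


def is_rejected(body: bytes, boundary: bytes, **limits) -> bool:
    """True if the parser refuses the body under the given limits."""
    try:
        parse_multipart(body, boundary, **limits)
    except MultiPartLimitExceeded:
        return True
    return False


if __name__ == "__main__":
    flood = build_body(b"B", n_fields=5000)
    kept = parse_multipart(flood, b"B", max_fields=None)   # vulnerable mode
    print("unbounded parser kept", len(kept), "parts in memory")
    print("capped parser rejects the same flood:", is_rejected(flood, b"B"))
```

The point of the check's placement is that the limit is enforced as each part is encountered, so the cost to the server of a malicious request is bounded by the cap, not by the request size. To confirm a deployment is past the affected range, compare the installed Starlette version against 0.25.0 (for instance with `pip show starlette`), and remember that applications calling Request.form() can pass lower max_fields / max_files values than the defaults if their forms never need that many parts.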
Comment 1 Gabriele Sonnu 2023-06-05 07:29:54 UTC
Already fixed, closing.