Description
A flaw was found in multipart. The parse_options_header function in multipart.py uses a regular expression with an ambiguous alternation, which causes exponential backtracking (ReDoS) when parsing specially crafted HTTP or multipart segment headers. A web application that parses request headers or multipart/form-data streams with this function can have its request-handling threads blocked for multiple seconds per request, eventually resulting in a denial of service.
Statement
This issue is only exploitable in applications that use the multipart.parse_form_data function, directly or indirectly, to parse request headers or multipart/form-data streams. The security impact of this flaw is limited to a denial of service; there is no memory corruption or arbitrary code execution. For these reasons, this vulnerability has been rated with Important severity.
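The defect class described above is a header-parameter regex whose alternation can match the same input in many ways, so a pathological header makes the matcher backtrack exponentially. The parser below is an added example, not the multipart project's own code or its fix: it parses the same `type; key=value; key2="quoted"` header shape with a single forward scan and no regular expression, so its running time is proportional to the header length for any input. The token character set is taken from the HTTP `tchar` grammar; lowercasing of the main value and parameter names, and raising `ValueError` on malformed input, are choices made for this example.

```python
"""Linear-time parser for Content-Type / Content-Disposition style header values.

Added example (not the multipart library's code): a hand-written scanner that
replaces an ambiguous regex with one left-to-right pass, so parsing cost is
O(len(header)) regardless of how the header is constructed.
"""
from __future__ import annotations

import time

# Characters permitted in an HTTP token (tchar from RFC 9110, assumed here).
_TCHAR = set("!#$%&'*+-.^_`|~0123456789"
             "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")


def _skip_ows(s: str, i: int) -> int:
    """Advance past optional whitespace (spaces and tabs)."""
    while i < len(s) and s[i] in " \t":
        i += 1
    return i


def _read_token(s: str, i: int) -> tuple[str, int]:
    """Read a run of tchar characters starting at i; return (token, next index)."""
    start = i
    while i < len(s) and s[i] in _TCHAR:
        i += 1
    return s[start:i], i


def _read_quoted(s: str, i: int) -> tuple[str, int]:
    """Read a quoted-string whose opening quote is at i; honours backslash escapes."""
    i += 1  # step over the opening quote
    out: list[str] = []
    while i < len(s):
        c = s[i]
        if c == "\\" and i + 1 < len(s):
            out.append(s[i + 1])
            i += 2
            continue
        if c == '"':
            return "".join(out), i + 1
        out.append(c)
        i += 1
    raise ValueError("unterminated quoted-string")


def parse_options_header(value: str) -> tuple[str, dict[str, str]]:
    """Parse 'type; k=v; k2="v"' into (type, {k: v}); malformed input raises ValueError."""
    head, _, rest = value.partition(";")
    main = head.strip().lower()
    options: dict[str, str] = {}
    i, n = 0, len(rest)
    while i < n:
        i = _skip_ows(rest, i)
        if i >= n:
            break
        key, i = _read_token(rest, i)
        if not key:
            raise ValueError(f"expected parameter name at offset {i}")
        i = _skip_ows(rest, i)
        if i >= n or rest[i] != "=":
            raise ValueError(f"expected '=' after parameter {key!r}")
        i = _skip_ows(rest, i + 1)
        if i < n and rest[i] == '"':
            val, i = _read_quoted(rest, i)
        else:
            val, i = _read_token(rest, i)
        options[key.lower()] = val
        i = _skip_ows(rest, i)
        if i < n:
            if rest[i] != ";":
                raise ValueError(f"unexpected {rest[i]!r} at offset {i}")
            i += 1  # consume the separator and continue with the next parameter
    return main, options


def is_well_formed(value: str) -> bool:
    """True when the header parses, False when the scanner rejects it."""
    try:
        parse_options_header(value)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed inputs: a normal header and a very long one with many parameters.
    print(parse_options_header('multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxk'))
    big = "text/plain; " + "; ".join(f"k{i}=v{i}" for i in range(200_000))
    t0 = time.perf_counter()
    _, opts = parse_options_header(big)
    print(f"{len(opts)} parameters parsed in {time.perf_counter() - t0:.3f}s")
```

The scan never revisits a character, which is the property a backtracking regex with an ambiguous alternation lacks; a request-handling thread therefore spends time proportional to the bytes it actually received rather than to the number of ways a pattern could match them.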
Mitigation
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
Affected Packages
| Platform | Package | State | Errata | Release |
|---|---|---|---|---|
| Lightspeed Core | lightspeed-core/lightspeed-stack-rhel9 | Affected | | |
| Lightspeed Core | lightspeed-core/rag-tool-rhel9 | Affected | | |
| OpenShift Lightspeed | openshift-lightspeed/lightspeed-ocp-rag-rhel9 | Affected | | |
| OpenShift Lightspeed | openshift-lightspeed/lightspeed-service-api-rhel9 | Affected | | |
| Red Hat AI Inference Server | rhaiis-preview/vllm-cuda-rhel9 | Affected | | |
| Red Hat AI Inference Server | rhaiis/vllm-cpu-rhel9 | Affected | | |
| Red Hat AI Inference Server | rhaiis/vllm-cuda-rhel9 | Affected | | |
| Red Hat AI Inference Server | rhaiis/vllm-neuron-rhel9 | Affected | | |
| Red Hat AI Inference Server | rhaiis/vllm-rocm-rhel9 | Affected | | |
| Red Hat AI Inference Server | rhaiis/vllm-spyre-rhel9 | Affected | | |
Additional information
CVSS3: 7.5 High
Related vulnerabilities
multipart is a fast multipart/form-data parser for Python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parse_options_header() function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking (ReDoS) when parsing maliciously crafted HTTP or multipart segment headers. This can be abused for denial of service (DoS) attacks against web applications that use this library to parse request headers or multipart/form-data streams. The issue is fixed in 1.2.2, 1.3.1 and 1.4.0-dev.
multipart vulnerable to ReDoS in `parse_options_header()`