SUSE-SU-2024:4194-1

Опубликовано: 05 дек. 2024

Источник: suse-cvrf

Описание

Security update for python-python-multipart

This update for python-python-multipart fixes the following issues:

CVE-2024-53981: excessive logging for certain inputs when parsing form data. (bsc#1234115)

Список пакетов

openSUSE Leap 15.6

python311-python-multipart-0.0.9-150600.3.3.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20244194-1/
Link for SUSE-SU-2024:4194-1
https://lists.suse.com/pipermail/sle-security-updates/2024-December/019920.html
E-Mail link for SUSE-SU-2024:4194-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1234115
SUSE Bug 1234115
https://www.suse.com/security/cve/CVE-2024-53981/
SUSE CVE CVE-2024-53981 page

Описание

python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks (CR \r or LF \n) in front of the first boundary and any tailing bytes after the last boundary. This happens one byte at a time and emits a log event each time, which may cause excessive logging for certain inputs. An attacker could abuse this by sending a malicious request with lots of data before the first or after the last boundary, causing high CPU load and stalling the processing thread for a significant amount of time. In case of ASGI application, this could stall the event loop and prevent other requests from being processed, resulting in a denial of service (DoS). This vulnerability is fixed in 0.0.18.

Затронутые продукты

openSUSE Leap 15.6:python311-python-multipart-0.0.9-150600.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-53981.html
CVE-2024-53981
https://bugzilla.suse.com/1234115
SUSE Bug 1234115

SUSE-SU-2024:4194-1

Описание

Список пакетов

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2024-53981

Описание

Затронутые продукты

Ссылки