Description
Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The _parseparam function in httputil.py is used to parse specific HTTP header values, such as those in multipart/form-data, and repeatedly calls string.count() within a nested loop while processing quoted semicolons. If an attacker sends a request with a large number of maliciously crafted parameters in a Content-Disposition header, the server's CPU usage increases quadratically (O(n²)) during parsing. Because Tornado runs on a single event loop, a single malicious request can make the entire server unresponsive for an extended period. This issue is fixed in version 6.5.3.
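Added example, not Tornado's own code or its fix: a single-pass splitter for `;`-separated header parameters of the Content-Disposition kind, with explicit caps on header length and parameter count (the cap values and the helper names are assumptions). It shows the defensive shape of a remedy for the issue described above: every character is read once, so quoted semicolons cost nothing extra, and an oversized header is rejected before any parsing work is spent on it.

```python
import re
MAX_HEADER_LEN = 8192   # assumed caps, not Tornado defaults: tune per deployment
MAX_PARAMS = 64
class HeaderTooLarge(ValueError): pass

def split_header_params(value: str) -> list[str]:
    """Split 'a; b="x;y"; c' into ['a', 'b="x;y"', 'c'] in one pass: quoted
    semicolons never split, backslash escapes the next char inside quotes, and
    every character is visited once, so cost is O(n) whatever the input."""
    if len(value) > MAX_HEADER_LEN:
        raise HeaderTooLarge("header value exceeds %d bytes" % MAX_HEADER_LEN)
    parts, buf, in_quotes, i = [], [], False, 0
    while i < len(value):
        ch = value[i]
        if in_quotes and ch == "\\" and i + 1 < len(value):
            buf.extend((ch, value[i + 1]))   # keep the escape pair verbatim
            i += 1                           # plus the common i += 1 below
        elif ch == ";" and not in_quotes:
            parts.append("".join(buf).strip())
            buf = []
            if len(parts) > MAX_PARAMS:      # stop early instead of grinding on
                raise HeaderTooLarge("more than %d parameters" % MAX_PARAMS)
        else:
            if ch == '"':
                in_quotes = not in_quotes
            buf.append(ch)
        i += 1
    parts.append("".join(buf).strip())
    return [p for p in parts if p]

def parse_header(line: str) -> tuple[str, dict[str, str]]:
    """Return (main value, {name: value}) with quoted values unescaped."""
    parts = split_header_params(line)
    params: dict[str, str] = {}
    for p in parts[1:]:
        key, _, val = p.partition("=")
        val = val.strip()
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = re.sub(r"\\(.)", r"\1", val[1:-1])
        params[key.strip().lower()] = val
    return (parts[0] if parts else ""), params

def is_within_limits(value: str) -> bool:
    """True when the header can be parsed under the configured caps."""
    try:
        split_header_params(value)
        return True
    except HeaderTooLarge:
        return False
```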
| Release | Status | Note |
|---|---|---|
| devel | not-affected | 6.5.4-0.1 |
| esm-apps/bionic | released | 4.5.3-1ubuntu0.2+esm2 |
| esm-apps/focal | released | 6.0.3+really5.1.1-3ubuntu0.1~esm3 |
| esm-apps/jammy | released | 6.1.0-3ubuntu0.1~esm4 |
| esm-infra/xenial | released | 4.2.1-1ubuntu3.1+esm2 |
| jammy | needed | |
| noble | released | 6.4.0-1ubuntu0.4 |
| plucky | released | 6.4.2-1ubuntu0.25.04.3 |
| questing | released | 6.4.2-3ubuntu0.2 |
| upstream | needs-triage | |
CVSS3: 7.5 High