PT-2023-9030 · Unknown+11 · Net/Textproto+11

Das7Pad +1 · Published 2023-04-04 · Updated 2025-02-28 · CVE-2023-24534

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: net/textproto versions (affected versions not specified)

Description: The issue is related to HTTP and MIME header parsing, which can allocate large amounts of memory even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALSA-2023:6346
ALSA-2023:6363
ALSA-2023:6402
ALSA-2023:6420
ALSA-2023:6473
ALSA-2023:6474
ALSA-2023:6938
ALSA-2023:6939
ALT-PU-2023-1575
ALT-PU-2023-1598
ALT-PU-2023-4736
ALT-PU-2023-4785
ALT-PU-2023-5492
ALT-PU-2023-7055
AZL-25990
AZL-26027
AZL-37414
AZL-37484
AZL-52878
AZL-79066
BDU:2024-03154
BIT-GOLANG-2023-24534
CESA-2023_3319
CESA-2023_6938
CESA-2023_6939
CVE-2023-24534
GO-2023-1704
MGASA-2023-0145
OESA-2023-1237
OESA-2023-1822
OESA-2023-1823
OESA-2023-1824
OESA-2024-1001
OESA-2024-1074
OESA-2025-1059
OESA-2025-1185
OESA-2025-1221
OESA-2025-1222
OPENSUSE-SU-2024:12841-1
OPENSUSE-SU-2024:12845-1
OPENSUSE-SU-2024:13007-1
OPENSUSE-SU-2024:14076-1
RHSA-2023:3318
RHSA-2023:3319
RHSA-2023:3366
RHSA-2023:3445
RHSA-2023:3450
RHSA-2023:3536
RHSA-2023:3540
RHSA-2023:3612
RHSA-2023:4003
RHSA-2023:4093
RHSA-2023:4459
RHSA-2023:4470
RHSA-2023:5964
RHSA-2023:6346
RHSA-2023:6363
RHSA-2023:6402
RHSA-2023:6420
RHSA-2023:6473
RHSA-2023:6474
RHSA-2023:6938
RHSA-2023:6939
RHSA-2023_3318
RHSA-2023_3319
RHSA-2023_6346
RHSA-2023_6363
RHSA-2023_6402
RHSA-2023_6420
RHSA-2023_6473
RHSA-2023_6474
RHSA-2023_6938
RHSA-2023_6939
SUSE-SU-2023:1791-1
SUSE-SU-2023:1792-1
SUSE-SU-2023:2105-1
SUSE-SU-2023:2105-2
SUSE-SU-2023:2127-1
SUSE-SU-2023_1791-1
SUSE-SU-2023_1792-1
SUSE-SU-2023_2105-1
SUSE-SU-2023_2105-2
SUSE-SU-2023_2127-1
USN-6038-1
USN-6038-2
USN-6140-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Net/Textproto