The vulnerability of the python-multipart streaming multi-component parser lies in the inefficient complexity of regular expressions, allowing attackers to trigger a service failure.

🗓️ 12 Feb 2025 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

The python-multipart streaming parser has inefficient regex and Content-Type validation flaws.

Reporter	Title	Published	Views	Family All 42
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service due to [CVE-2023-24762]	7 Mar 202415:31	–	ibm
IBM Security Bulletins	Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities	1 Mar 202419:27	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 23.0.2-IF002	2 Apr 202408:09	–	ibm
Chainguard	CVE-2024-24762 vulnerabilities	5 Feb 202415:15	–	cgr
Circl	CVE-2024-24762	5 Feb 202416:31	–	circl
CNNVD	python-multipart Resource Management Error Vulnerability	5 Feb 202400:00	–	cnnvd
CVE	CVE-2024-24762	5 Feb 202414:33	–	cve
Cvelist	CVE-2024-24762 python-multipart vulnerable to content-type header Regular expression Denial of Service	5 Feb 202414:33	–	cvelist
Debian CVE	CVE-2024-24762	5 Feb 202414:33	–	debiancve
EUVD	EUVD-2024-0059	3 Oct 202520:07	–	euvd

Source	Link
github	www.github.com/Kludex/python-multipart/commit/20f0ef6b4e4caf7d69a667c54dff57fe467109a4
redos	www.redos.red-soft.ru/support/secure/
web	www.web.nvd.nist.gov/view/vuln/detail

30 Jan 2026 00:00Current

6.8Medium risk

Vulners AI Score6.8

CVSS 37.5

CVSS 27.8

EPSS0.03333

python multipart streaming parser inefficient regex content type validation remote disruption