CVE-2023-25576

🗓️ 14 Feb 2023 16:11:15Reported by GitHub_MType

@fastify/multipart denial of service CVE-2023-25576 fixed in v7.4.1 and v6.0.

Reporter	Title	Published	Views	Family All 8
OSV	CVE-2023-25576	14 Feb 202316:15	–	osv
OSV	Denial of service due to unlimited number of parts	14 Feb 202321:49	–	osv
Veracode	Denial Of Service (DoS)	15 Feb 202307:37	–	veracode
NVD	CVE-2023-25576	14 Feb 202316:15	–	nvd
Prion	Code injection	14 Feb 202316:15	–	prion
Vulnrichment	CVE-2023-25576 @fastify/multipart vulnerable to DoS due to unlimited number of parts	14 Feb 202315:04	–	vulnrichment
Cvelist	CVE-2023-25576 @fastify/multipart vulnerable to DoS due to unlimited number of parts	14 Feb 202315:04	–	cvelist
Github Security Blog	Denial of service due to unlimited number of parts	14 Feb 202321:49	–	github

Nvd

Vulners

Node

fastify fastify-multipartRange<6.0.1fastify

fastify fastify-multipartRange7.0.0–7.4.1fastify

[
  {
    "vendor": "fastify",
    "product": "fastify-multipart",
    "versions": [
      {
        "version": "< 6.0.1",
        "status": "affected"
      },
      {
        "version": ">= 7.0.0, < 7.4.1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/fastify/fastify-multipart/releases/tag/v6.0.1
github	www.github.com/fastify/fastify-multipart/releases/tag/v7.4.1
github	www.github.com/fastify/fastify-multipart/security/advisories/GHSA-hpp2-2cr5-pf6g
github	www.github.com/fastify/fastify-multipart/commit/85be81bedf5b29cfd9fe3efc30fb5a17173c1297
hackerone	www.hackerone.com/reports/1816195

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

14 Feb 2023 16:15Current

7.2High risk

Vulners AI Score7.2

CVSS37.5

EPSS0.002

SSVC

CWE-770