333 matches found
DEBIAN-CVE-2025-62727
Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...
UBUNTU-CVE-2025-62727
Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...
GHSA-7F5H-V6XP-FCQ8 Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse``
Summary An unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial‑of‑service for endpoints serving files e.g., StaticFiles or any use of...
Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse``
Summary An unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial‑of‑service for endpoints serving files e.g., StaticFiles or any use of...
CVE-2025-62727 Starlette vulnerable to O(n^2) DoS via Range header merging in starlette.responses.FileResponse
Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...
CVE-2025-62727 Starlette vulnerable to O(n^2) DoS via Range header merging in starlette.responses.FileResponse
Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...
EUVD-2025-36555
Starlette is a lightweight ASGI framework/toolkit. Prior to 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial‑of‑service...
CVE-2025-62727
CVE-2025-62727 (Starlette) : Affects Starlette before version 0.49.1, where an unauthenticated attacker can send a crafted HTTP Range header triggering quadratic-time processing in FileResponse Range parsing/merging, causing CPU exhaustion and denial of service on file-serving endpoints. A fix is...
CVE-2025-62727 Starlette vulnerable to O(n^2) DoS via Range header merging in starlette.responses.FileResponse
Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...
PT-2025-44209
Name of the Vulnerable Software and Affected Versions Starlette versions 0.39.0 through 0.49.0 Description Starlette is a lightweight ASGI framework/toolkit. An unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range...
EUVD-2014-9515
Malware in sbrugna...
EUVD-2019-13356
Malware in sbrugna...
EUVD-2013-0505
Malware in sbrugna...
EUVD-2004-2291
Malware in sbrugna...
EUVD-2018-11470
Malware in sbrugna...
EUVD-2020-7676
Malware in sbrugna...
EUVD-2010-2274
Malware in sbrugna...
EUVD-2008-7125
Malware in sbrugna...
RockyLinux 10 : libsoup3 (RLSA-2025:8128)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:8128 advisory. libsoup: Denial of Service attack to websocket server CVE-2025-32049 libsoup: Denial of service in server when client requests a large amount of...
EUVD-2022-49960
Malicious code in bioql PyPI...