Litestar allows unbounded resource consumption (DoS vulnerability)
CVE-2024-52581
What is CVE-2024-52581?
The multipart form parser in the Litestar ASGI framework, in versions prior to 2.13.0, lets an attacker cause excessive memory use by uploading arbitrarily large files. The flaw stems from the parser handling the complete request body as a single byte string, with no enforced size limit. The resulting memory consumption can cause denial of service on the affected server. Limits on the number of parts may be applied, but they do not adequately mitigate the risk of out-of-memory errors. A patch addressing this issue has been released in version 2.13.0.
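
As an added illustration (not Litestar's code and not part of the original advisory), this framework-agnostic sketch contrasts the buffer-everything pattern described above with a reader that enforces a byte cap on the raw ASGI `receive` stream. The helper names, the 1024-byte cap and the constructed 4 KiB body are assumptions made for the demo.

```python
import asyncio

class BodyTooLarge(Exception):
    """Request body exceeded the configured cap (map to HTTP 413)."""

async def read_body_unbounded(receive):
    # Pattern the advisory describes: the whole body becomes one byte string.
    body = b""
    while True:
        msg = await receive()
        body += msg.get("body", b"")
        if not msg.get("more_body", False):
            return body

async def read_body_capped(receive, headers, max_bytes):
    # Cheap early reject when the client declares an oversized Content-Length.
    for name, value in headers:
        if name == b"content-length" and value.isdigit() and int(value) > max_bytes:
            raise BodyTooLarge("declared length exceeds cap")
    # The header may be absent (chunked) or wrong, so count real bytes as well.
    chunks, total = [], 0
    while True:
        msg = await receive()
        chunk = msg.get("body", b"")
        total += len(chunk)
        if total > max_bytes:
            raise BodyTooLarge("streamed body exceeds cap")
        chunks.append(chunk)
        if not msg.get("more_body", False):
            return b"".join(chunks)

def make_receive(chunk_size, n_chunks):
    # Constructed ASGI receive(): yields n_chunks http.request messages.
    async def receive():
        receive.calls += 1
        return {"type": "http.request", "body": b"A" * chunk_size,
                "more_body": receive.calls < n_chunks}
    receive.calls = 0
    return receive

def demo(max_bytes=1024):
    # Returns (bytes buffered unbounded, chunks read before the cap trips, rejected?)
    buffered = len(asyncio.run(read_body_unbounded(make_receive(512, 8))))
    rx = make_receive(512, 8)
    try:
        asyncio.run(read_body_capped(rx, [], max_bytes))
        rejected = False
    except BodyTooLarge:
        rejected = True
    return buffered, rx.calls, rejected
```

The capped reader stops pulling from the stream as soon as the running total passes the cap, so memory held per request stays bounded regardless of how many multipart parts the body claims to contain.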

Affected Version(s)
litestar < 2.13.0
Timeline
Vulnerability published
