CVE-2024-24762 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-24762 Interim 1 14 2026-03-05T02:50:15Z current 2024-02-07T00:09:17Z 2026-03-05T02:50:15Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-24762 `python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that process can't handle any more requests, leading to regular expression denial of service. This vulnerability has been patched in version 0.0.7. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 16.0 openSUSE Leap 15.6 openSUSE Tumbleweed python-python-multipart python310-fastapi-0.109.1-1.1 python310-python-multipart-0.0.7-1.1 python311-fastapi-0.109.1-1.1 python311-python-multipart python311-python-multipart-0.0.7-1.1 python312-fastapi-0.109.1-1.1 python312-python-multipart-0.0.7-1.1 python313-fastapi-0.115.8-160000.2.2 python313-python-multipart-0.0.20-160000.2.2 python39-fastapi-0.109.1-1.1 python39-python-multipart-0.0.7-1.1 python313-fastapi-0.115.8-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 python313-python-multipart-0.0.20-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 python310-fastapi-0.109.1-1.1 as a component of openSUSE Tumbleweed python310-python-multipart-0.0.7-1.1 as a component of openSUSE Tumbleweed python311-fastapi-0.109.1-1.1 as a component of openSUSE Tumbleweed python311-python-multipart-0.0.7-1.1 as a component of openSUSE Tumbleweed python312-fastapi-0.109.1-1.1 as a component of openSUSE Tumbleweed python312-python-multipart-0.0.7-1.1 as a component of openSUSE Tumbleweed python39-fastapi-0.109.1-1.1 as a component of openSUSE Tumbleweed python39-python-multipart-0.0.7-1.1 as a component of openSUSE Tumbleweed python311-python-multipart as a component of openSUSE Leap 15.6 python-python-multipart as a component of openSUSE Leap 15.6 `python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that process can't handle any more requests, leading to regular expression denial of service. This vulnerability has been patched in version 0.0.7. CVE-2024-24762 SUSE Linux Enterprise Server 16.0:python313-fastapi-0.115.8-160000.2.2 SUSE Linux Enterprise Server 16.0:python313-python-multipart-0.0.20-160000.2.2 openSUSE Tumbleweed:python310-fastapi-0.109.1-1.1 openSUSE Tumbleweed:python310-python-multipart-0.0.7-1.1 openSUSE Tumbleweed:python311-fastapi-0.109.1-1.1 openSUSE Tumbleweed:python311-python-multipart-0.0.7-1.1 openSUSE Tumbleweed:python312-fastapi-0.109.1-1.1 openSUSE Tumbleweed:python312-python-multipart-0.0.7-1.1 openSUSE Tumbleweed:python39-fastapi-0.109.1-1.1 openSUSE Tumbleweed:python39-python-multipart-0.0.7-1.1 openSUSE Leap 15.6:python-python-multipart openSUSE Leap 15.6:python311-python-multipart important 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H