CVE-2024-10713

A vulnerability in szad670401/hyperlpr v3.0 allows for a Denial of Service (DoS) attack. The server fails to handle excessive characters appended to the end of multipart boundaries, regardless of the character used. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary, leading to excessive resource consumption and a complete denial of service for all users. The vulnerability is unauthenticated, meaning no user login or interaction is required for an attacker to exploit this issue.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://huntr.com/bounties/d5404069-95b3-40e0-a7a4-c3a183d861b0

Configurations

No configuration.

History

15 Oct 2025, 13:15

Type	Values Removed	Values Added
CWE	~~CWE-400~~	CWE-770
Summary		(es) Una vulnerabilidad en szad670401/hyperlpr v3.0 permite un ataque de denegación de servicio (DoS). El servidor no gestiona el exceso de caracteres añadidos al final de los límites multiparte, independientemente del carácter utilizado. Esta falla puede explotarse enviando solicitudes multiparte malformadas con caracteres arbitrarios al final del límite, lo que provoca un consumo excesivo de recursos y una denegación de servicio completa para todos los usuarios. La vulnerabilidad no está autenticada, lo que significa que un atacante no requiere que el usuario inicie sesión ni interactúe con él.

20 Mar 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-20 10:15

Updated : 2025-10-15 13:15

NVD link : CVE-2024-10713

Mitre link : CVE-2024-10713

CVE.ORG link : CVE-2024-10713

JSON object : View

Products Affected

No product.

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

7.5 /10