A vulnerability in szad670401/hyperlpr v3.0 allows for a Denial of Service (DoS) attack. The server fails to handle excessive characters appended to the end of multipart boundaries, regardless of the character used. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary, leading to excessive resource consumption and a complete denial of service for all users. The vulnerability is unauthenticated, meaning no user login or interaction is required for an attacker to exploit this issue.
History

Wed, 15 Oct 2025 13:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400

Wed, 15 Oct 2025 13:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-770

Thu, 20 Mar 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 20 Mar 2025 10:15:00 +0000

Type Values Removed Values Added
Description A vulnerability in szad670401/hyperlpr v3.0 allows for a Denial of Service (DoS) attack. The server fails to handle excessive characters appended to the end of multipart boundaries, regardless of the character used. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary, leading to excessive resource consumption and a complete denial of service for all users. The vulnerability is unauthenticated, meaning no user login or interaction is required for an attacker to exploit this issue.
Title Denial of Service (DoS) via Multipart Request in szad670401/hyperlpr
Weaknesses CWE-400
References
Metrics cvssV3_0

{'score': 7.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2025-03-20T10:08:47.112Z

Updated: 2025-10-15T12:49:24.997Z

Reserved: 2024-11-01T21:16:40.274Z

Link: CVE-2024-10713

cve-icon Vulnrichment

Updated: 2025-03-20T17:55:09.186Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-03-20T10:15:18.400

Modified: 2025-10-15T13:15:36.730

Link: CVE-2024-10713

cve-icon Redhat

No data.