CVE-2024-10051

Source
https://cve.org/CVERecord?id=CVE-2024-10051
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10051.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-10051
Published
2025-03-20T10:10:53.295Z
Modified
2026-07-15T01:49:07.592040590Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Unauthenticated Denial of Service in shaunwei/realchar
Details

Realchar version v0.0.4 is vulnerable to an unauthenticated denial of service (DoS) attack. The vulnerability exists in the file upload request handling, where appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request causes the server to continuously process each character. This leads to excessive resource consumption and renders the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service.

Database specific
{
    "cna_assigner": "@huntr_ai",
    "cwe_ids": [
        "CWE-770"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/10xxx/CVE-2024-10051.json"
}
References

Affected packages

Git / github.com/shaunwei/realchar

Affected ranges

Type
GIT
Repo
https://github.com/shaunwei/realchar
Events
Database specific
{
    "source": "CPE_STRING",
    "cpe": "cpe:2.3:a:shaunwei:realchar:0.0.4:-:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0.0.4-NA"
        },
        {
            "last_affected": "0.0.4-NA"
        }
    ]
}

Affected versions

0.*
0.0.4-NA
v0.*
v0.0.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10051.json"