The SentinelOne Annual Threat Report - A Defenders Guide from the FrontlinesThe SentinelOne Annual Threat ReportGet the Report
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2024-47874

CVE-2024-47874: Starlette ASGI Framework DoS Vulnerability

CVE-2024-47874 is a denial of service flaw in Starlette ASGI framework that allows attackers to exhaust server memory through unlimited form field uploads. This article covers technical details, affected versions, and mitigations.

Updated: January 22, 2026

CVE-2024-47874 Overview

CVE-2024-47874 is a high-severity Denial of Service (DoS) vulnerability affecting Starlette, a popular Asynchronous Server Gateway Interface (ASGI) framework/toolkit widely used in Python web development. Prior to version 0.40.0, Starlette improperly handles multipart/form-data parts that lack a filename attribute, treating them as text form fields and buffering them in byte strings with no size limit. This resource exhaustion flaw (CWE-770) allows attackers to upload arbitrarily large form fields, causing excessive memory allocations and copy operations that can render services unusable or trigger OOM (Out of Memory) termination.

Critical Impact

This vulnerability affects all applications built with Starlette or FastAPI that accept form requests, enabling attackers to exhaust server memory and cause complete service denial even when reverse proxy request size limits are in place.

Affected Products

  • Starlette versions prior to 0.40.0
  • FastAPI applications using vulnerable Starlette versions
  • Any ASGI application built on Starlette that accepts multipart/form-data requests

Discovery Timeline

  • 2024-10-15 - CVE-2024-47874 published to NVD
  • 2024-11-21 - Last updated in NVD database

Technical Details for CVE-2024-47874

Vulnerability Analysis

The vulnerability resides in Starlette's multipart form data parsing functionality within formparsers.py. When processing multipart/form-data requests, Starlette distinguishes between file uploads (which have a filename attribute) and text form fields (which do not). The critical flaw is that text form fields are buffered entirely in memory as byte strings without any size restrictions.

An attacker can exploit this by sending malformed multipart requests containing extremely large form fields without the filename attribute. Each such field is accumulated in memory, causing the server to perform excessive memory allocations and copy operations. The impact is two-fold: immediate performance degradation due to memory management overhead, and eventual memory exhaustion leading to service failure.

What makes this vulnerability particularly dangerous is that it can bypass conventional request size limits enforced by reverse proxies. Since the attack operates at the multipart parsing level, even applications behind properly configured load balancers remain vulnerable. Parallel exploitation requests can rapidly amplify the impact, rendering services practically unusable.

Root Cause

The root cause is improper allocation of resources without limits (CWE-770) in the MultipartPart class. The original implementation stored form field data as immutable bytes objects, which require creating new memory allocations and copying data for each append operation. This design, combined with the absence of size validation, creates both a memory exhaustion vector and amplifies the computational overhead of processing malicious requests.

Attack Vector

The attack vector is network-based with low complexity, requiring no authentication or user interaction. An attacker sends HTTP POST requests with Content-Type: multipart/form-data containing form fields without filename attributes but with extremely large content bodies. Multiple parallel requests can be used to accelerate memory exhaustion and maximize denial of service impact.

python
# Security patch in starlette/formparsers.py - Merge commit from fork
 class MultipartPart:
     content_disposition: bytes | None = None
     field_name: str = ""
-    data: bytes = b""
+    data: bytearray = field(default_factory=bytearray)
     file: UploadFile | None = None
     item_headers: list[tuple[bytes, bytes]] = field(default_factory=list)


-def _user_safe_decode(src: bytes, codec: str) -> str:
+def _user_safe_decode(src: bytes | bytearray, codec: str) -> str:
     try:
         return src.decode(codec)
     except (UnicodeDecodeError, LookupError):

Source: GitHub Commit Update

Detection Methods for CVE-2024-47874

Indicators of Compromise

  • Abnormally high memory consumption on application servers running Starlette or FastAPI
  • Multiple HTTP POST requests with multipart/form-data content type containing unusually large payloads
  • OOM killer events in system logs targeting Python/ASGI processes
  • Sudden degradation in application response times correlated with increased memory usage

Detection Strategies

  • Monitor application memory usage patterns for sudden spikes during multipart form processing
  • Implement request body size monitoring at the application layer, not just at the reverse proxy
  • Deploy network-based anomaly detection for unusually large multipart/form-data POST requests
  • Review application logs for timeout errors and memory-related exceptions during form handling

Monitoring Recommendations

  • Configure alerting thresholds for memory utilization on Starlette/FastAPI application servers
  • Implement rate limiting on endpoints that accept multipart form data submissions
  • Enable detailed logging for multipart request processing to identify attack patterns
  • Monitor process restart frequency as a potential indicator of OOM-related terminations

How to Mitigate CVE-2024-47874

Immediate Actions Required

  • Upgrade Starlette to version 0.40.0 or later immediately
  • Update FastAPI dependencies to pull in the patched Starlette version
  • Implement request size limits at multiple layers including application-level validation
  • Review and harden rate limiting configurations for form submission endpoints

Patch Information

The vulnerability is fixed in Starlette version 0.40.0. The patch modifies the MultipartPart class to use mutable bytearray instead of immutable bytes for storing form field data. This change significantly reduces memory allocation overhead during data accumulation. For detailed patch information, refer to the GitHub Security Advisory GHSA-f96h-pmfr-66vw and the security patch commit.

Workarounds

  • Implement strict request body size limits at both reverse proxy and application levels
  • Deploy memory resource limits (cgroups/container limits) to contain the impact of exploitation
  • Consider implementing custom middleware to validate multipart form field sizes before processing
  • Enable request timeout configurations to terminate long-running requests indicative of exploitation
bash
# Configuration example - Update Starlette via pip
pip install --upgrade starlette>=0.40.0

# For FastAPI applications, update dependencies
pip install --upgrade fastapi

# Verify installed version
pip show starlette | grep Version

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeDOS
  • Vendor/TechStarlette
  • SeverityHIGH
  • CVSS Score8.7
  • EPSS Probability0.09%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityHigh
  • CWE References
  • CWE-770
  • Technical References
  • GitHub Commit Update
  • GitHub Security Advisory GHSA-f96h-pmfr-66vw
  • Related CVEs
  • CVE-2025-62727: Starlette ASGI Framework DoS Vulnerability
  • CVE-2025-54121: Starlette ASGI Framework DoS Vulnerability
Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English