Lucene search

GitHub Advisory DatabaseGHSA-RWQR-C348-M5WR

HistoryJun 24, 2022 - 12:00 a.m.

Withdrawn: Denial of Service in aiohttp

2022-06-2400:00:31

GitHub Advisory Database

github.com

aiohttp

v3.8.1

invalid ipv6

denial of service

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

19.9%

JSON

Withdrawn

This advisory has been withdrawn because the maintainers of aiohttp and multiple third parties disputed the validity of the issue. There is not sufficient evidence for the claims in the original report.

Original Description

aiohttp v3.8.1 was discovered to contain an invalid IPv6 URL which can lead to a Denial of Service (DoS).

Affected configurations

Vulners

Node

aiohttpaiohttpRange≤3.8.1

VendorProductVersionCPE
aiohttpaiohttp*cpe:2.3:a:aiohttp:aiohttp:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
aiohttp	aiohttp	*	cpe:2.3:a:aiohttp:aiohttp::::::::

References

github.com/advisories/GHSA-rwqr-c348-m5wr

github.com/aio-libs/aiohttp/issues/6772

nvd.nist.gov/vuln/detail/CVE-2022-33124

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

19.9%

JSON

Related for GHSA-RWQR-C348-M5WR