1147 matches found
AZL-73517 CVE-2025-69223 affecting package python-aiohttp 3.6.2-3
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...
AZL-73494 CVE-2025-69223 affecting package python-aiohttp 3.6.2-3
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...
DEBIAN-CVE-2025-69223
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...
CVE-2025-69223
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...
UBUNTU-CVE-2025-69223
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...
CVE-2025-69223 AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...
CVE-2025-69223 AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...
CVE-2025-69223 AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...
CVE-2025-69223
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...
CVE-2025-69223
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...
CVE-2025-69223
CVE-2025-69223 affects AIOHTTP (async HTTP framework for asyncio/Python). Version 3.13.2 and earlier are vulnerable to a zip bomb that, when decompressed by the server, can exhaust memory and cause a DoS. The issue is resolved in version 3.13.3. In practice, an attacker could send a compressed re...
aiohttp 安全漏洞
aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python from aio-libs. A security vulnerability exists in aiohttp 3.13.2 and earlier versions, which stems from a zip bomb that can cause the server to run out of memory, potentially leading to a denial-of-service...
aiohttp 信息泄露漏洞
aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python from aio-libs. An information disclosure vulnerability exists in aiohttp 3.13.2 and earlier versions, which stems from path normalization logic that may disclose absolute path component information,...
PT-2026-1355
Name of the Vulnerable Software and Affected Versions AIOHTTP versions 3.13.2 and below Description AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Handling of chunked messages in versions 3.13.2 and below can lead to excessive blocking CPU usage when receiving a...
PT-2026-1357
Name of the Vulnerable Software and Affected Versions AIOHTTP versions 3.13.2 and below Description AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Accessing the cookies attribute in an application with versions 3.13.2 and below can lead to a logging storm when...
PT-2026-1354
Name of the Vulnerable Software and Affected Versions AIOHTTP versions 3.13.2 and below Description AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below are susceptible to a denial of service condition. An attacker can craft a request that caus...
PT-2026-1353
Name of the Vulnerable Software and Affected Versions AIOHTTP versions 3.13.2 and below Description AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python, is susceptible to a denial-of-service DoS attack. When optimizations are enabled using -O or PYTHONOPTIMIZE=1, and an...
PT-2026-1350
Name of the Vulnerable Software and Affected Versions AIOHTTP versions 3.13.2 and below Description AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python, has an issue in its parser logic. The parser allows non-ASCII decimals to be present in the Range header. This could...
PT-2026-1348
Name of the Vulnerable Software and Affected Versions AIOHTTP versions 3.13.2 and below Description AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python, is susceptible to a denial-of-service DoS attack. An attacker can send a compressed request, specifically a zip bomb,...
aiohttp 环境问题漏洞
aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python from aio-libs open source. An environment issue vulnerability exists in aiohttp 3.13.2 and earlier versions, which stems from the presence of non-ASCII characters that could allow a request entrapment attac...