Lucene search
K

347 matches found

CVE
CVE
added 2026/01/05 11:16 p.m.32 views

CVE-2025-69225

CVE-2025-69225 affects the aiohttp project (versions 3.13.2 and below) where the Range header parser incorrectly allows non-ASCII decimals. The description notes no known impact but discloses a potential method for exploiting a request smuggling vulnerability; remediation is to upgrade to 3.13.3....

6.9CVSS6.3AI score0.00236EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/05 11:16 p.m.4 views

CVE-2025-69225 AIOHTTP Regex Mismatch Allows Unicode in ASCII-Only Protocol Fields

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

6.9CVSS6.3AI score0.00236EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/01/05 11:16 p.m.4 views

CVE-2025-69225

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

6.9CVSS7.5AI score0.00236EPSS
Exploits0
Cvelist
Cvelist
added 2026/01/05 11:16 p.m.25 views

CVE-2025-69225 AIOHTTP Regex Mismatch Allows Unicode in ASCII-Only Protocol Fields

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

6.9CVSS0.00236EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/01/05 11:16 p.m.4 views

CVE-2025-69225

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

6.9CVSS6.8AI score0.00236EPSS
Exploits0
OSV
OSV
added 2026/01/05 11:9 p.m.2 views

GHSA-MQQC-3GQH-H2X8 AIOHTTP has unicode match groups in regexes for ASCII protocol elements

Summary The parser allows non-ASCII decimals to be present in the Range header. Impact There is no known impact, but there is the possibility that there's a method to exploit a request smuggling vulnerability. ---- Patch:...

6.9CVSS7AI score0.00236EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/01/05 11:9 p.m.10 views

AIOHTTP has unicode match groups in regexes for ASCII protocol elements

Summary The parser allows non-ASCII decimals to be present in the Range header. Impact There is no known impact, but there is the possibility that there's a method to exploit a request smuggling vulnerability. ---- Patch:...

6.9CVSS6.9AI score0.00236EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.4 views

PT-2026-1350

Name of the Vulnerable Software and Affected Versions AIOHTTP versions 3.13.2 and below Description AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python, has an issue in its parser logic. The parser allows non-ASCII decimals to be present in the Range header. This could...

9.8CVSS6.6AI score0.00337EPSS
Exploits0References219
Veracode
Veracode
added 2025/12/13 7:30 a.m.5 views

Denial Of Service (DoS)

Starlette is vulnerable to Denial Of Service DoS. The vulnerability is due to quadratic-time processing in the FileResponse HTTP Range header parsing and merging logic, which allows an unauthenticated attacker to send a crafted Range header to exhaust CPU resources...

7.5CVSS7AI score0.00638EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.5 views

PT-2026-7987

Name of the Vulnerable Software and Affected Versions libsoup affected versions not specified Description A flaw exists in libsoup, an HTTP library used in GNOME-based systems. Improper validation of HTTP Range headers when processing specially crafted requests can lead to out-of-bounds read acce...

5.3CVSS6.2AI score0.0043EPSS
Exploits0References81
SUSE CVE
SUSE CVE
added 2025/10/30 12:23 a.m.3 views

SUSE CVE-2025-62727

Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...

7.5CVSS5.6AI score0.00638EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/10/29 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-62727

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP...

7.5CVSS6.4AI score0.00638EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/28 9:50 p.m.4 views

CVE-2025-62727

Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...

7.5CVSS6.2AI score0.00638EPSS
Exploits0References5
OSV
OSV
added 2025/10/28 9:15 p.m.1 views

DEBIAN-CVE-2025-62727

Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...

7.5CVSS6.1AI score0.00638EPSS
Exploits0References1
NVD
NVD
added 2025/10/28 9:15 p.m.4 views

CVE-2025-62727

Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...

7.5CVSS0.00638EPSS
Exploits0References4
OSV
OSV
added 2025/10/28 9:15 p.m.3 views

UBUNTU-CVE-2025-62727

Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...

7.5CVSS6.8AI score0.00638EPSS
Exploits0References4
OSV
OSV
added 2025/10/28 8:38 p.m.3 views

GHSA-7F5H-V6XP-FCQ8 Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse``

Summary An unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial‑of‑service for endpoints serving files e.g., StaticFiles or any use of...

7.5CVSS6.5AI score0.00638EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/10/28 8:38 p.m.8 views

Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse``

Summary An unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial‑of‑service for endpoints serving files e.g., StaticFiles or any use of...

7.5CVSS6.9AI score0.00638EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/10/28 8:14 p.m.4 views

CVE-2025-62727 Starlette vulnerable to O(n^2) DoS via Range header merging in starlette.responses.FileResponse

Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...

7.5CVSS6.6AI score0.00638EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/10/28 8:14 p.m.7 views

CVE-2025-62727 Starlette vulnerable to O(n^2) DoS via Range header merging in starlette.responses.FileResponse

Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...

7.5CVSS0.00638EPSS
Exploits0References4
Rows per page
Query Builder