Lucene search
K

5 matches found

CVE
CVE
added 2026/06/22 4:37 p.m.42 views

CVE-2026-54277

CVE-2026-54277 affects AIOHTTP prior to 3.14.1 where the max_line_size check in parts of the C HTTP parser can be bypassed, allowing an attacker to send oversized lines and cause excessive memory use leading to DoS. The issue occurs when using the optimized C parser (default in pre-built wheels)....

8.7CVSS5.8AI score0.00322EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/05 10:58 p.m.9 views

AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb

Summary A zip bomb can be used to execute a DoS against the aiohttp server. Impact An attacker may be able to send a compressed request that when decompressed by aiohttp could exhaust the host's memory. ------ Patch: https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c91...

7.5CVSS7.1AI score0.00487EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2024/04/23 5:18 p.m.6 views

python-aiohttp: numerous issues in HTTP parser with header parsing

An HTTP request smuggling vulnerability was found in aiohttp. Numerous issues with HTTP parsing can allow an attacker to smuggle HTTP requests...

7.5CVSS7.1AI score0.0085EPSS
Exploits1References5
OSV
OSV
added 2024/01/29 10:30 p.m.3 views

GHSA-8QPW-XQXJ-H4R2 aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators

Summary Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger...

6.9CVSS6.7AI score0.0102EPSS
Exploits1References12
OSV
OSV
added 2023/11/14 10:20 p.m.16 views

GHSA-GFW2-4JVH-WGFG AIOHTTP has problems in HTTP parser (the python one, not llhttp)

Summary The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTPNOEXTENSIONS is enabled or not using a prebuilt wheel. Details Bug 1: Bad parsing of Content-Length values Description RFC 9110 says this:...

6.9CVSS6.7AI score0.0085EPSS
Exploits1References10
Rows per page
Query Builder