Memory Allocation with Excessive Size Value

Overview ParquetSharp is a .NET library for reading and writing Parquet files. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the DecimalConverter.ReadDecimal function. An attacker can cause a large stackalloc by supplying a Parquet file with a...

GHSA-2J26-FRM8-CMJ9 Rails Active Support has a possible DoS vulnerability in its number helpers

Impact Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which when converted to a string could be expanded into extremely large decimal representations. This can cause excessive memory allocation and CPU consumption when the expanded number is formatted,...

SUSE CVE-2025-69225

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

DEBIAN-CVE-2025-69225

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

CVE-2025-69225

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

UBUNTU-CVE-2025-69225

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

CVE-2025-69225

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

CVE-2025-69225 AIOHTTP Regex Mismatch Allows Unicode in ASCII-Only Protocol Fields

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

CVE-2025-69225

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

CVE-2025-69225

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the parsing of Range headers. An attacker can potentially interfere with HTTP request processing by supplying non-ASCII decimals in the header, which may lead to unexpected parser mismatches. Remediation Upgra...

AIOHTTP has unicode match groups in regexes for ASCII protocol elements

Summary The parser allows non-ASCII decimals to be present in the Range header. Impact There is no known impact, but there is the possibility that there's a method to exploit a request smuggling vulnerability. ---- Patch:...

GHSA-MQQC-3GQH-H2X8 AIOHTTP has unicode match groups in regexes for ASCII protocol elements

Summary The parser allows non-ASCII decimals to be present in the Range header. Impact There is no known impact, but there is the possibility that there's a method to exploit a request smuggling vulnerability. ---- Patch:...

PT-2026-1350

Name of the Vulnerable Software and Affected Versions AIOHTTP versions 3.13.2 and below Description AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python, has an issue in its parser logic. The parser allows non-ASCII decimals to be present in the Range header. This could...

CVE-2025-62496 Integer overflow in js_bigint_from_string in QuickJS

A vulnerability exists in the QuickJS engine's BigInt string parsing logic jsbigintfromstring when attempting to create a BigInt from a string with an excessively large number of digits. The function calculates the necessary number of bits nbits required to store the BigInt using the formula:...

PYSEC-2025-29

vyper is a Pythonic Smart Contract Language for the EVM. Vyper sqrt builtin uses the babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating final states may lead to sqrt incorrectly returning rounded up results. This issue is being addressed a...

python-django: Memory exhaustion in django.utils.numberformat.floatformat()

A security issue was found in Django. If 'floatformat' received a string representation of a number in scientific notation with a large exponent, it could lead to significant memory consumption. To avoid this, decimals with more than 200 digits are now returned as is...

doInteraction() won't mint tokens to user if interaction.specifiedAmount less than 10**12 and has certain conditions

Lines of code Vulnerability details Impact If the user calls doInteraction and executes Interaction with specifiedAmount less than 10 12 and a big difference in token decimals, the user won't get any tokens. Proof of Concept Core external functions like doInteraction will call the internal...

D.O.S due to wrong scaling factor

Lines of code Vulnerability details Impact The cNote token which is a fork of the CToken contract has a scaling method used to handle the exchange rate between CToken and the underlying token. This method helps scale the exchange rate because solidity doesn't handle fixed-point decimals. The...

asD::withdrawCarry assumes wrong number of decimals returned by exchangeRateCurrent which will cause owner to not be able to withdraw revenue

Lines of code Vulnerability details tl;dr asD::withdrawCarry assumes that the exchange rate returned by the cNote contract will be scaled by 1e28, but in reality it will be only scaled by 1e18. It will cause withdrawCarry to always revert with Integer Underflow, which means that owner won't ever ...