Lucene search
K

5 matches found

Cvelist
Cvelist
added 2026/06/22 4:37 p.m.33 views

CVE-2026-54277 AIOHTTP: C HTTP Parser Bypasses max_line_size for Fragmented Lines

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it is possible to bypass the maxlinesize check in parts of an HTTP request in the C parser. If using the optimised C parser the default in pre-built wheels, then an attacker may be able to send...

8.7CVSS0.00322EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 4:37 p.m.39 views

CVE-2026-54277

CVE-2026-54277 affects AIOHTTP prior to 3.14.1 where the max_line_size check in parts of the C HTTP parser can be bypassed, allowing an attacker to send oversized lines and cause excessive memory use leading to DoS. The issue occurs when using the optimized C parser (default in pre-built wheels)....

8.7CVSS5.8AI score0.00322EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/15 8:9 p.m.16 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the C HTTP parser when the maxlinesize check is bypassed for fragmented lines. An attacker can cause excessive memory consumption by sending oversized HTTP request lines, potential...

8.7CVSS5.3AI score0.00322EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 8:9 p.m.10 views

aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines

Summary It is possible to bypass the maxlinesize check in parts of an HTTP request in the C parser. Impact If using the optimised C parser the default in pre-built wheels, then an attacker may be able to send oversized lines through the HTTP parser and use an excessive amount of memory, potential...

8.7CVSS5.4AI score0.00322EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/15 8:9 p.m.6 views

GHSA-63HW-FMQ6-XXG2 aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines

Summary It is possible to bypass the maxlinesize check in parts of an HTTP request in the C parser. Impact If using the optimised C parser the default in pre-built wheels, then an attacker may be able to send oversized lines through the HTTP parser and use an excessive amount of memory, potential...

8.7CVSS5.4AI score0.00322EPSS
Exploits0References3
Rows per page
Query Builder