50 matches found
CVE-2026-54277
A flaw was found in aiohttp, an asynchronous HTTP client/server framework for Python. A remote attacker can exploit this vulnerability by sending oversized lines within an HTTP request. This bypasses the maxlinesize check in the C parser, causing the system to use an excessive amount of memory...
CVE-2026-54277
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it is possible to bypass the maxlinesize check in parts of an HTTP request in the C parser. If using the optimised C parser the default in pre-built wheels, then an attacker may be able to send...
CVE-2026-54277 AIOHTTP: C HTTP Parser Bypasses max_line_size for Fragmented Lines
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it is possible to bypass the maxlinesize check in parts of an HTTP request in the C parser. If using the optimised C parser the default in pre-built wheels, then an attacker may be able to send...
CVE-2026-54277
CVE-2026-54277 affects AIOHTTP prior to 3.14.1 where the max_line_size check in parts of the C HTTP parser can be bypassed, allowing an attacker to send oversized lines and cause excessive memory use leading to DoS. The issue occurs when using the optimized C parser (default in pre-built wheels)....
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the C HTTP parser when the maxlinesize check is bypassed for fragmented lines. An attacker can cause excessive memory consumption by sending oversized HTTP request lines, potential...
GHSA-63HW-FMQ6-XXG2 aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines
Summary It is possible to bypass the maxlinesize check in parts of an HTTP request in the C parser. Impact If using the optimised C parser the default in pre-built wheels, then an attacker may be able to send oversized lines through the HTTP parser and use an excessive amount of memory, potential...
PT-2026-49591
Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.1 Description An issue exists in the C parser of the asynchronous HTTP client/server framework where the max line size check can be bypassed in parts of an HTTP request. When using the optimized C parser, which i...
EUVD-2016-3411
Malware in sbrugna...
UBUNTU-CVE-2025-53628
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a unique line, permitting an attacker to explore this to allocate memory arbitrarily. This vulnerability is fixed in 0.20.1. NOTE: This vulnerability is related...
golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm
A flaw was discovered in Go's net/http standard library package. When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the...
golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm
A flaw was discovered in Go's net/http standard library package. When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the...
golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm
A flaw was discovered in Go's net/http standard library package. When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the...
CVE-2024-44949
In the Linux kernel, the following vulnerability has been resolved: parisc: fix a possible DMA corruption ARCHDMAMINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line. If one of these allocations is written using DMA and the...
CVE-2024-44949
In the Linux kernel, the following vulnerability has been resolved: parisc: fix a possible DMA corruption ARCHDMAMINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line. If one of these allocations is written using DMA and the...
AZL-50254 CVE-2024-44949 affecting package kernel for versions less than 5.15.176.3-1
In the Linux kernel, the following vulnerability has been resolved: parisc: fix a possible DMA corruption ARCHDMAMINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line. If one of these allocations is written using DMA and the...
UBUNTU-CVE-2024-44949
In the Linux kernel, the following vulnerability has been resolved: parisc: fix a possible DMA corruption ARCHDMAMINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line. If one of these allocations is written using DMA and the...
CVE-2024-44949
In the Linux kernel, the following vulnerability has been resolved: parisc: fix a possible DMA corruption ARCHDMAMINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line. If one of these allocations is written using DMA and the...
CVE-2024-44949 parisc: fix a possible DMA corruption
In the Linux kernel, the following vulnerability has been resolved: parisc: fix a possible DMA corruption ARCHDMAMINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line. If one of these allocations is written using DMA and the...
CVE-2024-44949
CVE-2024-44949 affects the Linux kernel on PA-RISC (parisc) systems. The issue stems from ARCH_DMA_MINALIGN being set to 16, enabling two unrelated 16‑byte allocations to share a cache line and risking DMA/cached writes corrupting the data. The fix updates the alignment: ARCH_DMA_MINALIGN becomes...
CVE-2024-44949 parisc: fix a possible DMA corruption
In the Linux kernel, the following vulnerability has been resolved: parisc: fix a possible DMA corruption ARCHDMAMINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line. If one of these allocations is written using DMA and the...