Lucene search
K

50 matches found

RedhatCVE
RedhatCVE
added 2026/06/25 5:32 p.m.5 views

CVE-2026-54277

A flaw was found in aiohttp, an asynchronous HTTP client/server framework for Python. A remote attacker can exploit this vulnerability by sending oversized lines within an HTTP request. This bypasses the maxlinesize check in the C parser, causing the system to use an excessive amount of memory...

8.7CVSS5.9AI score0.00322EPSS
Exploits0References5
NVD
NVD
added 2026/06/22 6:16 p.m.9 views

CVE-2026-54277

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it is possible to bypass the maxlinesize check in parts of an HTTP request in the C parser. If using the optimised C parser the default in pre-built wheels, then an attacker may be able to send...

8.7CVSS0.00322EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 4:37 p.m.33 views

CVE-2026-54277 AIOHTTP: C HTTP Parser Bypasses max_line_size for Fragmented Lines

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it is possible to bypass the maxlinesize check in parts of an HTTP request in the C parser. If using the optimised C parser the default in pre-built wheels, then an attacker may be able to send...

8.7CVSS0.00322EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 4:37 p.m.39 views

CVE-2026-54277

CVE-2026-54277 affects AIOHTTP prior to 3.14.1 where the max_line_size check in parts of the C HTTP parser can be bypassed, allowing an attacker to send oversized lines and cause excessive memory use leading to DoS. The issue occurs when using the optimized C parser (default in pre-built wheels)....

8.7CVSS5.8AI score0.00322EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/15 8:9 p.m.16 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the C HTTP parser when the maxlinesize check is bypassed for fragmented lines. An attacker can cause excessive memory consumption by sending oversized HTTP request lines, potential...

8.7CVSS5.3AI score0.00322EPSS
Exploits0References2
OSV
OSV
added 2026/06/15 8:9 p.m.6 views

GHSA-63HW-FMQ6-XXG2 aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines

Summary It is possible to bypass the maxlinesize check in parts of an HTTP request in the C parser. Impact If using the optimised C parser the default in pre-built wheels, then an attacker may be able to send oversized lines through the HTTP parser and use an excessive amount of memory, potential...

8.7CVSS5.4AI score0.00322EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.18 views

PT-2026-49591

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.1 Description An issue exists in the C parser of the asynchronous HTTP client/server framework where the max line size check can be bypassed in parts of an HTTP request. When using the optimized C parser, which i...

8.7CVSS5.9AI score0.00322EPSS
Exploits0References20
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2016-3411

Malware in sbrugna...

8.8CVSS8.6AI score0.02567EPSS
Exploits0References6
OSV
OSV
added 2025/07/10 8:15 p.m.2 views

UBUNTU-CVE-2025-53628

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a unique line, permitting an attacker to explore this to allocate memory arbitrarily. This vulnerability is fixed in 0.20.1. NOTE: This vulnerability is related...

8.8CVSS5.6AI score0.00442EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/11/12 9:5 a.m.3 views

golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

A flaw was discovered in Go's net/http standard library package. When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the...

6.5CVSS7.4AI score0.01165EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2024/10/14 2:22 a.m.2 views

golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

A flaw was discovered in Go's net/http standard library package. When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the...

6.5CVSS7.4AI score0.01165EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2024/09/24 3:30 a.m.3 views

golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

A flaw was discovered in Go's net/http standard library package. When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the...

6.5CVSS7.4AI score0.01165EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2024/09/04 8:44 p.m.18 views

CVE-2024-44949

In the Linux kernel, the following vulnerability has been resolved: parisc: fix a possible DMA corruption ARCHDMAMINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line. If one of these allocations is written using DMA and the...

7.1CVSS7AI score0.00231EPSS
Exploits0References4
NVD
NVD
added 2024/09/04 7:15 p.m.21 views

CVE-2024-44949

In the Linux kernel, the following vulnerability has been resolved: parisc: fix a possible DMA corruption ARCHDMAMINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line. If one of these allocations is written using DMA and the...

7.8CVSS0.00231EPSS
Exploits0References5
OSV
OSV
added 2024/09/04 7:15 p.m.7 views

AZL-50254 CVE-2024-44949 affecting package kernel for versions less than 5.15.176.3-1

In the Linux kernel, the following vulnerability has been resolved: parisc: fix a possible DMA corruption ARCHDMAMINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line. If one of these allocations is written using DMA and the...

7.8CVSS6.7AI score0.00231EPSS
Exploits0References1
OSV
OSV
added 2024/09/04 7:15 p.m.4 views

UBUNTU-CVE-2024-44949

In the Linux kernel, the following vulnerability has been resolved: parisc: fix a possible DMA corruption ARCHDMAMINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line. If one of these allocations is written using DMA and the...

7.8CVSS6.5AI score0.00231EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2024/09/04 7:15 p.m.17 views

CVE-2024-44949

In the Linux kernel, the following vulnerability has been resolved: parisc: fix a possible DMA corruption ARCHDMAMINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line. If one of these allocations is written using DMA and the...

7.8CVSS6.6AI score0.00231EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/09/04 6:35 p.m.39 views

CVE-2024-44949 parisc: fix a possible DMA corruption

In the Linux kernel, the following vulnerability has been resolved: parisc: fix a possible DMA corruption ARCHDMAMINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line. If one of these allocations is written using DMA and the...

0.00231EPSS
Exploits0References4
CVE
CVE
added 2024/09/04 6:35 p.m.121 views

CVE-2024-44949

CVE-2024-44949 affects the Linux kernel on PA-RISC (parisc) systems. The issue stems from ARCH_DMA_MINALIGN being set to 16, enabling two unrelated 16‑byte allocations to share a cache line and risking DMA/cached writes corrupting the data. The fix updates the alignment: ARCH_DMA_MINALIGN becomes...

7.8CVSS7AI score0.00231EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/09/04 6:35 p.m.19 views

CVE-2024-44949 parisc: fix a possible DMA corruption

In the Linux kernel, the following vulnerability has been resolved: parisc: fix a possible DMA corruption ARCHDMAMINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line. If one of these allocations is written using DMA and the...

7.8CVSS6.2AI score0.00231EPSS
Exploits0References8
Rows per page
Query Builder