15 matches found
EUVD-2015-8781
Malware in sbrugna...
netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions
A flaw in Netty’s HTTP/1.1 chunked encoding parser allows newline LF characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same...
OESA-2025-1046 python-aiohttp security update
Async http client/server framework asyncio. Security Fixes: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain...
SUSE CVE-2024-52304
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...
AZL-53232 CVE-2024-52304 affecting package python-aiohttp 3.6.2-3
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...
DEBIAN-CVE-2024-52304
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...
UBUNTU-CVE-2024-52304
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling due to incorrect parsing of newlines in chunk extensions via the feeddata function. An attacker can bypass firewall or proxy protections by sending specially crafted requests. Note: Exploiting this vulnerability i...
DEBIAN-CVE-2015-8925
The readline function in archivereadsupportformatmtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service invalid read via a crafted mtree file, related to newline parsing...
CVE-2015-8925
The readline function in archivereadsupportformatmtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service invalid read via a crafted mtree file, related to newline parsing...
Design/Logic Flaw
The readline function in archivereadsupportformatmtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service invalid read via a crafted mtree file, related to newline parsing...
CVE-2015-8925
CVE-2015-8925 affects libarchive (before 3.2.0). A denial of service can be triggered by processing a crafted mtree file due to an invalid memory read in read_mtree. Affected products include libarchive in various distributions; remediation is to upgrade to a fixed libarchive version as provided ...
CVE-2015-8925
The readline function in archivereadsupportformatmtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service invalid read via a crafted mtree file, related to newline parsing...
CVE-2015-8925
The readline function in archivereadsupportformatmtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service invalid read via a crafted mtree file, related to newline parsing...
UBUNTU-CVE-2015-8925
The readline function in archivereadsupportformatmtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service invalid read via a crafted mtree file, related to newline parsing...