313 matches found

OSV (added 2026/04/01 9:49 p.m.)

GHSA-63HF-3VF5-4WQF AIOHTTP's C parser (llhttp) accepts null bytes and control characters in response header values - header injection/security bypass

Summary: The C parser (the default for most installs) accepted null bytes and control characters in response headers. Impact: An attacker could send header values that are interpreted differently than expected due to the presence of control characters. For example, request.url.origin may return a...

CVSS 9.1 | AI score 5.9 | EPSS 0.00078 | Exploits 0 | References 5
NVD (added 2026/04/01 9:17 p.m.)

CVE-2026-34520

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the default for most installs) accepted null bytes and control characters in response headers. This issue has been patched in version 3.13.4...

CVSS 9.1 | EPSS 0.00078 | Exploits 0 | References 3
OSV (added 2026/04/01 9:17 p.m.)

DEBIAN-CVE-2026-34520

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the default for most installs) accepted null bytes and control characters in response headers. This issue has been patched in version 3.13.4...

CVSS 6.9 | AI score 5.3 | EPSS 0.00078 | Exploits 0 | References 1
UbuntuCve (added 2026/04/01 9:17 p.m.)

CVE-2026-34520

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the default for most installs) accepted null bytes and control characters in response headers. This issue has been patched in version 3.13.4...

CVSS 9.1 | AI score 5.8 | EPSS 0.00078 | Exploits 0 | References 4
Debian CVE (added 2026/04/01 8:27 p.m.)

CVE-2026-34520

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the default for most installs) accepted null bytes and control characters in response headers. This issue has been patched in version 3.13.4...

CVSS 9.1 | AI score 5.3 | EPSS 0.00078 | Exploits 0
AlpineLinux (added 2026/04/01 8:27 p.m.)

CVE-2026-34520

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the default for most installs) accepted null bytes and control characters in response headers. This issue has been patched in version 3.13.4...

CVSS 9.1 | AI score 5.4 | EPSS 0.00078 | Exploits 0
Cvelist (added 2026/04/01 8:27 p.m.)

CVE-2026-34520 AIOHTTP: C parser (llhttp) accepts null bytes and control characters in response header values - header injection / security bypass

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the default for most installs) accepted null bytes and control characters in response headers. This issue has been patched in version 3.13.4...

CVSS 6.9 | EPSS 0.00078 | Exploits 0 | References 3
CVE (added 2026/04/01 8:27 p.m.)

CVE-2026-34520

CVE-2026-34520 affects the aiohttp project. Prior to version 3.13.4, the C parser (llhttp, the default for most installs) accepted null bytes and control characters in response header values, enabling header-related issues. The issue has been patched in aiohttp 3.13.4. Per connected sources, the vuln...

CVSS 9.1 | AI score 5.8 | EPSS 0.00078 | Exploits 0 | References 3 | Affected Software 1
Vulnrichment (added 2026/04/01 8:27 p.m.)

CVE-2026-34520 AIOHTTP: C parser (llhttp) accepts null bytes and control characters in response header values - header injection / security bypass

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the default for most installs) accepted null bytes and control characters in response headers. This issue has been patched in version 3.13.4...

CVSS 6.9 | AI score 5.8 | EPSS 0.00078 | Exploits 0 | References 3
ATTACKERKB (added 2026/04/01 8:27 p.m.)

CVE-2026-34520

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the default for most installs) accepted null bytes and control characters in response headers. This issue has been patched in version 3.13.4...

CVSS 6.9 | AI score 5.8 | EPSS 0.00078 | Exploits 0 | References 4 | Affected Software 1
Positive Technologies (added 2026/04/01 12:00 a.m.)

PT-2026-29609

Name of the Vulnerable Software and Affected Versions: AIOHTTP versions prior to 3.13.4. Description: The C parser, used by default in most installations, allowed null bytes and control characters within response headers. An attacker could leverage this to send header values that are interpreted...

CVSS 9.1 | AI score 5.9 | EPSS 0.00078 | Exploits 0 | References 15
Veracode (added 2026/03/31 10:06 a.m.)

Improper Certificate Validation

github.com/envoyproxy/envoy is vulnerable to improper certificate validation. The vulnerability is due to incorrect handling of embedded null bytes (\0) in OTHERNAME SAN values within mTLS certificate matching, which allows an attacker to bypass certificate validation and achieve unauthorized acces...

CVSS 7.1 | AI score 5.9 | EPSS 0.00002 | Exploits 1 | References 1 | Affected Software 1
Snyk (added 2026/03/17 4:45 a.m.)

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the ucl_object_emit function when operating in UCL_PARSER_ZEROCOPY mode and processing input containing a key with an embedded null byte. An attacker can cause a segmentation fault and disrupt service by submitting...

CVSS 8.3 | AI score 5.8 | EPSS 0.00121 | Exploits 1 | References 2
IBM Security Bulletins (added 2026/02/24 9:09 p.m.)

Security Bulletin: Improper neutralization of null bytes may lead to buffer over-reads in MongoDB Server affecting MongoDB Enterprise Advanced (CVE-2024-10921)

Summary: There is a vulnerability in MongoDB Server used in MongoDB Enterprise Advanced for IBM, involving improper neutralization of null bytes that may lead to buffer over-reads in MongoDB Server. The vulnerability has been addressed. Vulnerability Details: CVEID: CVE-2024-10921 DESCRIPTION: An...

CVSS 8.1 | AI score 5.7 | EPSS 0.00758 | Exploits 0 | Affected Software 1
RedhatCVE (added 2026/01/28 3:16 a.m.)

CVE-2026-24489

Gakido is a Python HTTP client focused on browser impersonation and anti-bot evasion. A vulnerability was discovered in Gakido prior to version 0.1.1 that allowed HTTP header injection through CRLF (Carriage Return Line Feed) sequences in user-supplied header values and names. When making HTTP...

CVSS 5.3 | AI score 6 | EPSS 0.00021 | Exploits 1 | References 1
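The aiohttp entries above describe a receiving parser that let NUL and other control bytes through in header values, and the Gakido entry describes the sending-side counterpart, where CR/LF in user-supplied names and values turns one header into several. The Python below is an added example, not code from aiohttp, llhttp or Gakido: it checks header names and values against the RFC 9110 token and field-value grammar, drops received headers that violate it instead of passing them through, and refuses to serialize outgoing ones that would inject a line. The sample header block and the hostnames in it are constructed for the example.

```python
import re

# RFC 9110 field-value grammar: VCHAR (0x21-0x7E), SP, HTAB and obs-text
# (0x80-0xFF). NUL, CR, LF, the other C0 controls and DEL are not allowed.
_FIELD_VALUE = re.compile(rb"^[\t\x20-\x7e\x80-\xff]*$")
# RFC 9110 token grammar, used for field names.
_TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def header_value_violations(value: bytes) -> list[int]:
    """Sorted list of byte values in `value` that the field-value grammar
    forbids; an empty list means the value is well-formed."""
    return sorted({b for b in value
                   if not (b == 0x09 or 0x20 <= b <= 0x7E or b >= 0x80)})


def parse_header_block(raw: bytes) -> tuple[dict[str, str], list[str]]:
    """Receiving side. Parse a CRLF-delimited header block into {name: value}
    and collect a reason for every line that is rejected. Rejected headers are
    dropped, not passed on truncated or re-interpreted, so downstream code
    (URL origin logic, cookie handling, ...) never sees a value with a NUL or
    a bare CR/LF in it."""
    headers: dict[str, str] = {}
    rejected: list[str] = []
    for line in raw.split(b"\r\n"):
        if not line:
            continue
        name, sep, value = line.partition(b":")
        if not sep or not _TOKEN.match(name):
            rejected.append(f"malformed header line {line!r}")
            continue
        value = value.strip(b" \t")
        bad = header_value_violations(value)
        if bad:
            rejected.append(f"{name.decode('ascii')}: forbidden bytes {bad}")
            continue
        headers[name.decode("ascii").lower()] = value.decode("latin-1")
    return headers, rejected


def serialize_header(name: str, value: str) -> bytes:
    """Sending side. Refuse to emit a header whose name or value would split the
    request into extra lines (CR/LF) or carry a NUL, instead of writing it to
    the socket as-is."""
    n = name.encode("ascii")
    v = value.encode("latin-1")
    if not _TOKEN.match(n):
        raise ValueError(f"invalid header name {name!r}")
    bad = header_value_violations(v)
    if bad:
        raise ValueError(f"forbidden bytes {bad} in value of {name!r}")
    return n + b": " + v + b"\r\n"


# Constructed sample: a normal response header block plus a Location value
# carrying an embedded NUL, the shape of value the advisories describe.
SAMPLE_RESPONSE_HEADERS = (
    b"Content-Type: text/html\r\n"
    b"Location: https://trusted.example/\x00.attacker.example/\r\n"
    b"X-Note: tab\tis allowed\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    accepted, dropped = parse_header_block(SAMPLE_RESPONSE_HEADERS)
    print("accepted:", accepted)
    print("dropped:", dropped)
    print(serialize_header("X-Request-Id", "abc123"))
    try:
        serialize_header("X-Request-Id", "abc\r\nInjected: yes")
    except ValueError as exc:
        print("refused:", exc)
```

Validating on both sides matters because the two failures are independent: a client that sanitizes what it sends still has to reject what it receives, and a parser that rejects bare controls still cannot tell an injected CRLF from a legitimate line boundary once the bytes are on the wire.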
Tenable Nessus (added 2026/01/13 12:00 a.m.)

MiracleLinux 7 : php-5.4.16-48.0.7.el7.AXS7 (AXSA:2025-10750:06)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10750:06 advisory. CVE-2025-1220: error if host contains null bytes in the middle of the string. CVEs: CVE-2025-1220. In PHP versions 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3...

CVSS 5.3 | AI score 6.2 | EPSS 0.00156 | Exploits 1 | References 2
CVE (added 2025/12/19 9:07 p.m.)

CVE-2023-53950

CVE-2023-53950 affects InnovaStudio WYSIWYG Editor 5.4. The vulnerability is an unrestricted file upload via filename manipulation that bypasses file extension restrictions, enabling attackers to upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent...

CVSS 9.8 | AI score 6.6 | EPSS 0.00094 | Exploits 0 | References 3
Github Security Blog (added 2025/12/05 6:14 p.m.)

Envoy's TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte

Summary: Envoy's mTLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte (\0) inside an OTHERNAME SAN value as valid matches. Details: This occurs when the SAN is encoded as a BMPString or UniversalString, and its UTF-8 conversion...

CVSS 7.1 | AI score 6.9 | EPSS 0.00002 | Exploits 1 | References 3 | Affected Software 1
Cvelist (added 2025/12/03 6:31 p.m.)

CVE-2025-66220 Envoy's TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy's mTLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte (\0) inside an OTHERNAME SAN value as valid matches...

CVSS 5 | EPSS 0.00002 | Exploits 1 | References 1
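The Envoy entries describe a SAN that matches only because an embedded NUL hides its tail from the comparison. The Python below is an added example, not Envoy code: it models the mechanism as a C-string view taken after the BMPString-to-UTF-8 conversion and puts the vulnerable comparison beside a length-aware one that also rejects any embedded NUL. The page does not show Envoy's actual code path, so that mechanism is an assumption of the example; the same truncation is what the null-byte extension bypass in the InnovaStudio entry above relies on. The SAN values and the expected name are constructed.

```python
# BMPString is UCS-2 / UTF-16-BE on the wire; the matcher converts it to UTF-8
# before comparing (per the advisory), and a NUL code point survives that
# conversion as a single 0x00 byte.


def bmpstring_to_utf8(der_payload: bytes) -> bytes:
    """Model of the conversion step: BMPString payload -> UTF-8 bytes."""
    return der_payload.decode("utf-16-be").encode("utf-8")


def c_string_view(buf: bytes) -> bytes:
    """What a NUL-terminated C string API sees: everything before the first NUL.
    This is the assumed truncation point; the rest of the buffer is still
    present in memory, it just never takes part in the comparison."""
    nul = buf.find(b"\x00")
    return buf if nul < 0 else buf[:nul]


def match_san_truncating(san_utf8: bytes, expected: str) -> bool:
    """Vulnerable pattern (model): exact match through a C-string view, so
    'trusted\\0.attacker' compares equal to 'trusted'."""
    return c_string_view(san_utf8) == expected.encode("utf-8")


def match_san_strict(san_utf8: bytes, expected: str) -> bool:
    """Hardened pattern: compare the full length, and reject an embedded NUL
    outright, since no legitimate hostname, URI or SPIFFE ID contains one."""
    if b"\x00" in san_utf8:
        return False
    return san_utf8 == expected.encode("utf-8")


# Constructed samples: the otherName payload of a good certificate and of one
# whose value is "spiffe://trusted.example" + NUL + ".attacker.example".
EXPECTED = "spiffe://trusted.example"
GOOD_SAN_BMP = EXPECTED.encode("utf-16-be")
EVIL_SAN_BMP = (EXPECTED + "\x00.attacker.example").encode("utf-16-be")


def demo() -> dict[str, bool]:
    """Run both matchers over both certificates and return the outcomes."""
    good = bmpstring_to_utf8(GOOD_SAN_BMP)
    evil = bmpstring_to_utf8(EVIL_SAN_BMP)
    return {
        "good_truncating": match_san_truncating(good, EXPECTED),
        "good_strict": match_san_strict(good, EXPECTED),
        "evil_truncating": match_san_truncating(evil, EXPECTED),  # True: bypass
        "evil_strict": match_san_strict(evil, EXPECTED),          # False
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:16s} -> {outcome}")
```

The check to carry into a real matcher is the one in `match_san_strict`: after converting an ASN.1 string, use the returned length rather than a terminator, and treat any NUL inside a name-like SAN as a reason to fail closed rather than a character to compare.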
Tenable Nessus (added 2025/11/13 12:00 a.m.)

Siemens SIMATIC S7-1500 Use of Insufficiently Random Values (CVE-2020-11501)

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks...

CVSS 7.4 | AI score 6.8 | EPSS 0.11487 | Exploits 0 | References 4