CVE-2025-69224

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. If a pure Python version of AIOHTTP is installed i.e. without the usual C extensions ...

PT-2026-1349

Name of the Vulnerable Software and Affected Versions AIOHTTP versions 3.13.2 and below Description AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python, may be susceptible to a request smuggling attack when using versions 3.13.2 and below. This issue arises from the...

EulerOS Virtualization 2.13.0 : protobuf (EulerOS-SA-2025-2594)

According to the versions of the protobuf packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of...

EulerOS Virtualization 2.13.1 : protobuf (EulerOS-SA-2025-2559)

According to the versions of the protobuf packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of...

Security Bulletin: Due to the use of Protobuf Pure-Python backend, IBM Watson Discovery Cartridge is vulnerable to corruption by exceeding the Python recursion limit

Summary IBM Watson Discovery Cartridge uses Protobuf Pure-Python backend for gRPC communication between the Python IOCR service and the Scala/Java pipeline components Vulnerability Details CVEID:CVE-2025-4565 DESCRIPTION: Any project that uses Protobuf Pure-Python backend to parse untrusted...

EulerOS 2.0 SP13 : protobuf (EulerOS-SA-2025-2307)

According to the versions of the protobuf packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups,...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: protobuf (UTSA-2025-984777)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984777 advisory. Any project that uses Protobuf Pure-Python backendto parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or ...

EulerOS 2.0 SP10 : protobuf (EulerOS-SA-2025-2081)

According to the versions of the protobuf packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Any project that uses Protobuf Pure-Python backendto parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups,...

ROS-20250904-06

A vulnerability in the Protobuf Pure-Python structured data serialization library is related to uncontrolled recursion when analyzing unreliable data containing an arbitrary number of recursive groups, recursive messages, or series of SGROUP tags. Exploitation of the vulnerability could allow an...

SUSE CVE-2025-57804

h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without...

CVE-2025-57804

h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without...

Linux Distros Unpatched Vulnerability : CVE-2025-53643

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling...

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability...

SUSE CVE-2025-53643

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed i.e. without the...

AZL-65256 CVE-2025-53643 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed i.e. without the...

AZL-65252 CVE-2025-53643 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed i.e. without the...

UBUNTU-CVE-2025-53643

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed i.e. without the...

GHSA-9548-QRRJ-X5PJ AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections

Summary The Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. Impact If a pure Python version of aiohttp is installed i.e. without the usual C extensions or AIOHTTPNOEXTENSIONS is enabled, then an attacker may be able to execu...

OESA-2025-1801 protobuf security update

Security Fixes: Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of...

OESA-2025-1800 protobuf security update

Security Fixes: Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of...