Lucene search
+L

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/04 5:43 p.m.11 views

CVE-2026-40898

quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.59.1, an attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large trailer field section with many unique field...

5.3CVSS6.8AI score0.00338EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/09/12 12:24 p.m.2 views

SUSE-SU-2025:03201-1 Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: - CVE-2025-53643: request smuggling vulnerability due to incorrect parsing trailer sections of an HTTP request bsc1246517...

7.5CVSS5.8AI score0.00297EPSS
Exploits0References3
CVE
CVE
added 2025/07/14 8:17 p.m.125 views

CVE-2025-53643

CVE-2025-53643 (aiohttp) : Prior to 3.12.14, the Python parser is vulnerable to HTTP request smuggling due to not parsing trailer sections. If a pure-Python build (no C extensions) or AIOHTTP_NO_EXTENSIONS is used, an attacker may smuggle requests to bypass certain firewalls/proxy protections. Th...

7.5CVSS7.3AI score0.00297EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/07/14 7:33 p.m.9 views

GHSA-9548-QRRJ-X5PJ AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections

Summary The Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. Impact If a pure Python version of aiohttp is installed i.e. without the usual C extensions or AIOHTTPNOEXTENSIONS is enabled, then an attacker may be able to execu...

6.3CVSS6.9AI score0.00297EPSS
Exploits0References4
Rows per page
Query Builder