5 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-52303
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur...
SUSE CVE-2024-52303
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling due to incorrect parsing of newlines in chunk extensions via the feeddata function. An attacker can bypass firewall or proxy protections by sending specially crafted requests. Note: Exploiting this vulnerability i...
Missing Release of Resource after Effective Lifetime
Overview Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime by creating a unique cache entry for each MatchInfoError when a request method is not allowed. This can lead to unbounded cache growth, resulting in a memory leak. Remediation Upgrade...
PT-2024-8691
Name of the Vulnerable Software and Affected Versions aiohttp versions 3.10.6 through 3.10.10 Description A memory leak can occur when a request produces a MatchInfoError. This issue is caused by adding an entry to a cache on each request, due to the building of each MatchInfoError producing a...