CVE-2024-30251

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-835
View all →

Vulnerability Description

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST (multipart/form-data) request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further requests. An attacker can stop the application from serving requests after sending a single request. This issue has been addressed in version 3.9.4. Users are advised to upgrade. Users unable to upgrade may manually apply a patch to their systems. Please see the linked GHSA for instructions.

Related Vulnerabilities

CVE-2011-1142

HIGH
CVSS:7.5(High)

Stack consumption vulnerability in the dissect_ber_choice function in the BER dissector in Wireshark 1.2.x through 1.2.15 and 1.4.x through 1.4.4 might allow remote attackers to cause a denial of serv...

CWE-8352011

CVE-2013-10005

HIGH
CVSS:7.5(High)

The RemoteAddr and LocalAddr methods on the returned net.Conn may call themselves, leading to an infinite loop which will crash the program due to a stack overflow.

CWE-8352013

CVE-2013-3722

HIGH
CVSS:7.5(High)

A Denial of Service (infinite loop) exists in OpenSIPS before 1.10 in lookup.c.

CWE-8352013

CVE-2013-7488

HIGH
CVSS:7.5(High)

perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input.

CWE-8352013

CVE-2016-4970

HIGH
CVSS:7.5(High)

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).

CWE-8352016

CVE-2016-5042

HIGH
CVSS:7.5(High)

The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and crash) via a crafted DWARF section.

CWE-8352016