How severe is CVE-2024-52303?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-52303?

This is classified as CWE-772, which is a common weakness in software security.

CVE-2024-52303 - HIGH Severity | CVSS 7.5

Vulnerability Description

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each MatchInfoError producing a unique cache entry. An attacker may be able to exhaust the memory resources of a server by sending a substantial number (100,000s to millions) of such requests. Those who use any middlewares with aiohttp.web should upgrade to version 3.10.11 to receive a patch.

Related Vulnerabilities

CVE-1999-1127

HIGH

CVSS:7.5(High)

Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing m...

CWE-7721999

CVE-2001-0830

HIGH

CVSS:7.5(High)

6tunnel 0.08 and earlier does not properly close sockets that were initiated by a client, which allows remote attackers to cause a denial of service (resource exhaustion) by repeatedly connecting to a...

CWE-7722001

CVE-2007-0897

HIGH

CVSS:7.5(High)

Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scan...

CWE-7722007

CVE-2007-4103

HIGH

CVSS:7.5(High)

The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows ...

CWE-7722007

CVE-2008-2122

HIGH

CVSS:7.5(High)

IBM Rational Build Forge 7.0.2 allows remote attackers to cause a denial of service (CPU consumption) via a port scan, which spawns multiple bfagent server processes that attempt to read data from clo...

CWE-7722008

CVE-2010-4657

HIGH

CVSS:7.5(High)

PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.

CWE-7722010