Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-69229

Опубликовано: 06 янв. 2026
Источник: debian
EPSS Низкий

Описание

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. If an application makes use of the request.read() method in an endpoint, it may be possible for an attacker to cause the server to spend a moderate amount of blocking CPU time (e.g. 1 second) while processing the request. This could potentially lead to DoS as the server would be unable to handle other requests during that time. This issue is fixed in version 3.13.3.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
python-aiohttpfixed3.13.3-1package

Примечания

  • https://github.com/aio-libs/aiohttp/security/advisories/GHSA-g84x-mcqj-x9qq

  • Fixed by: https://github.com/aio-libs/aiohttp/commit/dc3170b56904bdf814228fae70a5501a42a6c712 (v3.13.3)

  • Fixed by: https://github.com/aio-libs/aiohttp/commit/4ed97a4e46eaf61bd0f05063245f613469700229 (v3.13.3)

EPSS

Процентиль: 17%
0.00052
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-69229

ubuntu
10 дней назад

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. If an application makes use of the request.read() method in an endpoint, it may be possible for an attacker to cause the server to spend a moderate amount of blocking CPU time (e.g. 1 second) while processing the request. This could potentially lead to DoS as the server would be unable to handle other requests during that time. This issue is fixed in version 3.13.3.

nvd логотип

CVE-2025-69229

nvd
10 дней назад

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. If an application makes use of the request.read() method in an endpoint, it may be possible for an attacker to cause the server to spend a moderate amount of blocking CPU time (e.g. 1 second) while processing the request. This could potentially lead to DoS as the server would be unable to handle other requests during that time. This issue is fixed in version 3.13.3.

github логотип

GHSA-g84x-mcqj-x9qq

github
10 дней назад

AIOHTTP vulnerable to DoS through chunked messages

EPSS

Процентиль: 17%
0.00052
Низкий