7.5

CVE-2024-30251

EPSS 0.3%
Veröffentlicht 02.05.2024 14:15:09
Zuletzt bearbeitet 21.08.2025 15:23:59
Quelle security-advisories@github.com
Teams Watchlist Login
Unerledigt Login

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST (multipart/form-data) request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further requests. An attacker can stop the application from serving requests after sending a single request. This issue has been addressed in version 3.9.4. Users are advised to upgrade. Users unable to upgrade may manually apply a patch to their systems. Please see the linked GHSA for instructions.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Aiohttp ≫ Aiohttp Version < 3.9.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.3%	0.524

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

http://www.openwall.com/lists/oss-security/2024/05/02/4

Mailing List

https://github.com/aio-libs/aiohttp/commit/7eecdff163ccf029fbb1ddc9de4169d4aaeb6597

Patch

https://github.com/aio-libs/aiohttp/commit/cebe526b9c34dc3a3da9140409db63014bc4cf19

Patch

https://github.com/aio-libs/aiohttp/commit/f21c6f2ca512a026ce7f0f6c6311f62d6a638866

Patch

https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5m98-qgg9-wh84

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-30251

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-30251

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-30251

EUVD