Vulnerabilities > CVE-2022-33124 - Unspecified vulnerability in Aiohttp 3.8.1

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

aiohttp

NVD

Published: 2022-06-23

Updated: 2024-04-11

Summary

AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service (DoS). NOTE: multiple third parties dispute this issue because there is no example of a context in which denial of service would occur, and many common contexts have exception handing in the calling application

Vulnerable Configurations

Part	Description	Count
Application	Aiohttp Aiohttp Aiohttp 3.8.1	1

References

https://github.com/aio-libs/aiohttp/issues/6772