AIOHTTP Denial-of-Service Vulnerability via Uncontrolled Memory Exhaustion

Vulnerability

A denial-of-service vulnerability has been identified in AIOHTTP, an asynchronous HTTP client/server framework for Python. This issue affects versions through 3.13.2. The vulnerability arises when a request is crafted to exploit the server's memory management, particularly in handlers that utilize the Request.post() method. An attacker can cause the server to freeze by overwhelming its memory resources.

Impact

Exploitation of this vulnerability can lead to server freezing by exhausting available memory resources, causing a denial-of-service condition.

Remediation

Users can upgrade to AIOHTTP version 3.13.3 to address this vulnerability.
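
One way to audit a code base for exposure, as an added example that is not part of the advisory or the AIOHTTP project: it flags exact aiohttp pins older than 3.13.3 in a requirements file and locates handlers that await Request.post(). The sample requirements and application source are constructed, and treating an awaited zero-argument .post() call as Request.post() is a heuristic assumption.

```python
import ast
import re

FIXED = (3, 13, 3)  # first fixed release named in the advisory

# Constructed sample inputs, not taken from any real project.
SAMPLE_REQUIREMENTS = "aiohttp==3.13.2\nexamplepkg==1.0.0\n"
SAMPLE_APP = '''\
from aiohttp import web

async def upload(request):
    form = await request.post()
    return web.Response(text=str(len(form)))

async def notify(session):
    await session.post("https://example.invalid/hook")
'''

def parse_version(text):
    # '3.13.2' -> (3, 13, 2); missing components are padded with zeros.
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def affected_pins(requirements):
    # Only exact '==' pins are evaluated; range specifiers are skipped.
    hits = []
    for line in requirements.splitlines():
        m = re.match(r"\s*aiohttp(?:\[[^\]]*\])?\s*==\s*([\w.]+)", line, re.I)
        if m and parse_version(m.group(1)) < FIXED:
            hits.append(m.group(1))
    return hits

def request_post_calls(source):
    # Heuristic: Request.post() takes no arguments, while ClientSession.post()
    # needs a URL, so an awaited bare .post() is treated as a form read.
    found = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, ast.AsyncFunctionDef):
            continue
        for node in ast.walk(func):
            if (isinstance(node, ast.Await)
                    and isinstance(node.value, ast.Call)
                    and isinstance(node.value.func, ast.Attribute)
                    and node.value.func.attr == "post"
                    and not node.value.args and not node.value.keywords):
                found.append((func.name, node.lineno))
    return found

if __name__ == "__main__":
    print("affected pins:", affected_pins(SAMPLE_REQUIREMENTS))
    print("handlers reading form bodies:", request_post_calls(SAMPLE_APP))
```

Handlers reported by request_post_calls() on a deployment that also has an affected pin are the ones to prioritise when scheduling the upgrade.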

Added: Jan 6, 2026, 12:23 AM
Updated: Jan 6, 2026, 12:23 AM

Vulnerability Rating

Custom Algorithm

spread: 7.3
impact: 2.5
exploitability: 8.8
remediation: 7.7
relevance: 1.8
threat: 3.2
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.