Security Advisory

CVE-2025-69223

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-05 22:00:17

Last updated 2026-01-06 19:04:01

Assigner GitHub_M

State PUBLISHED

Description

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the hosts memory. This issue is fixed in version 3.13.3.

← Browse all CVEs View on cve.org ↗