CVE-2022-33124

AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service (DoS). NOTE: multiple third parties dispute this issue because there is no example of a context in which denial of service would occur, and many common contexts have exception handing in the calling application

CVSS v3 5.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://github.com/aio-libs/aiohttp/issues/6772	Exploit Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:aiohttp:aiohttp:3.8.1:*:*:*:*:*:*:*

History

22 Nov 2023, 17:09

Type	Values Removed	Values Added
First Time		Aiohttp Aiohttp aiohttp
CPE	cpe:2.3:a:aiohttp_project:aiohttp:3.8.1:::::::*	cpe:2.3:a:aiohttp:aiohttp:3.8.1:::::::*

07 Nov 2023, 03:48

Type	Values Removed	Values Added
Summary	DISPUTED AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service (DoS). NOTE: multiple third parties dispute this issue because there is no example of a context in which denial of service would occur, and many common contexts have exception handing in the calling application.	AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service (DoS). NOTE: multiple third parties dispute this issue because there is no example of a context in which denial of service would occur, and many common contexts have exception handing in the calling application

01 Jul 2022, 13:16

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 4.3 v3 : 5.5
CWE		NVD-CWE-Other
References	~~(MISC) https://github.com/aio-libs/aiohttp/issues/6772 -~~	(MISC) https://github.com/aio-libs/aiohttp/issues/6772 - Exploit, Issue Tracking, Third Party Advisory
First Time		Aiohttp Project Aiohttp Project aiohttp
CPE		cpe:2.3:a:aiohttp_project:aiohttp:3.8.1:::::::*

26 Jun 2022, 20:15

Type	Values Removed	Values Added
Summary	~~aiohttp v3.8.1 was discovered to contain an invalid IPv6 URL which can lead to a Denial of Service (DoS).~~	DISPUTED AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service (DoS). NOTE: multiple third parties dispute this issue because there is no example of a context in which denial of service would occur, and many common contexts have exception handing in the calling application.

23 Jun 2022, 17:19

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-06-23 17:15

Updated : 2024-04-11 01:15

NVD link : CVE-2022-33124

Mitre link : CVE-2022-33124

CVE.ORG link : CVE-2022-33124

JSON object : View

Products Affected

aiohttp

aiohttp

CWE

NVD-CWE-Other

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2022-33124

5.5^/10

4.3^/10

Attach tags to `CVE-2022-33124`