Memory Leak in Aiohttp Framework via MatchInfoError Causes Server Risk
CVE-2024-52303

Currently unrated

Key Information:

Vendor: aio-libs

CVE Published: 18 November 2024

What is CVE-2024-52303?

Aiohttp, an asynchronous HTTP client/server framework for asyncio in Python, is vulnerable to a memory leak in versions from 3.10.6 to 3.10.10. The issue is triggered when a request results in a MatchInfoError: each such error creates its own unique cache entry. An attacker could exploit this flaw by sending a large volume of requests, potentially exhausting server memory resources. Upgrading to version 3.10.11 is essential for users of aiohttp.web who have any middlewares implemented, as it mitigates this risk.
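To find deployments that still need the upgrade, the following added example (not part of the original advisory or of aiohttp itself) scans requirements-style text for exact aiohttp pins inside the affected range and can also check the installed package. The function names and the sample input are constructed for illustration; the check looks at the version only, not at whether middlewares are in use.

```python
import re
from importlib import metadata

# Range stated in the advisory: 3.10.6 through 3.10.10 (fixed in 3.10.11).
AFFECTED_MIN = (3, 10, 6)
AFFECTED_MAX = (3, 10, 10)

# Exact pins only, e.g. "aiohttp==3.10.8" or "aiohttp[speedups]==3.10.9".
_PIN = re.compile(r"^\s*aiohttp(?:\[[^\]]*\])?\s*==\s*(\d+(?:\.\d+)*)", re.I)

def parse_version(text):
    """Return the leading numeric release as a 3-tuple, e.g. '3.10.6' -> (3, 10, 6)."""
    match = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not match:
        raise ValueError(f"not a version: {text!r}")
    parts = [int(p) for p in match.group(0).split(".")]
    return tuple((parts + [0, 0, 0])[:3])

def is_affected(version_text):
    return AFFECTED_MIN <= parse_version(version_text) <= AFFECTED_MAX

def scan_requirements(text):
    """Return (line_number, version) for every affected aiohttp pin."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = _PIN.match(line.split("#", 1)[0])  # ignore comments
        if match and is_affected(match.group(1)):
            findings.append((number, match.group(1)))
    return findings

def installed_is_affected():
    """True/False for the installed aiohttp, None if it is not installed."""
    try:
        return is_affected(metadata.version("aiohttp"))
    except metadata.PackageNotFoundError:
        return None

# Constructed sample input, not taken from any real project.
SAMPLE = """\
# constructed sample
requests==2.32.3
aiohttp==3.10.5
aiohttp[speedups]==3.10.8  # in range
AioHTTP == 3.10.10
aiohttp==3.10.11
aiohttp-cors==0.7.0
# aiohttp==3.10.7
"""

if __name__ == "__main__":
    print(scan_requirements(SAMPLE), installed_is_affected())
```

Version ranges such as `aiohttp>=3.10` are not resolved here; for those, check the installed package or the lock file instead.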
