CVE-2024-52303

ADVISORY - github

Summary

A memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each MatchInfoError producing a unique cache entry.

Impact

If the user is making use of any middlewares with aiohttp.web then it is advisable to upgrade immediately.

An attacker may be able to exhaust the memory resources of a server by sending a substantial number (100,000s to millions) of such requests.

Patch: https://github.com/aio-libs/aiohttp/commit/bc15db61615079d1b6327ba42c682f758fa96936

EPSS Score⁠: 0.00291 (0.522)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-772⁠

Missing Release of Resource after Effective Lifetime

ADVISORY - github

CWE-772⁠

Missing Release of Resource after Effective Lifetime

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-772⁠

Missing Release of Resource after Effective Lifetime

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-772⁠

Missing Release of Resource after Effective Lifetime

Impacted images

Advisories

NIST

CREATED

1 year ago

UPDATED

4 months ago

ADVISORY IDCVE-2024-52303⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-772⁠

CVSS SCORE

8.7high

GitHub

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDGHSA-27mf-ghqm-j3j8⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-772⁠

CVSS SCORE

6.9medium

Debian

CREATED

1 year ago

UPDATED

2 months ago

ADVISORY IDCVE-2024-52303⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

1 year ago

UPDATED

5 months ago

ADVISORY IDCVE-2024-52303⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

GitLab

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CVE-2024-52303

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-772⁠CWE-937⁠

CVSS SCORE

7.5high

Red Hat

CREATED

1 year ago

UPDATED

9 months ago

ADVISORY IDCVE-2024-52303⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-772⁠

CVSS SCORE

7.5high

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-48j3-hqpv-g3q7

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-5wqx-gwjc-m857

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-h845-33v5-xp9j

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY ID

CGA-mfcx-vcvm-458r

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY