CVE-2022-33124

Publication date 23 June 2022

Last updated 24 July 2024

Ubuntu priority

Cvss 3 Severity Score

** DISPUTED ** AIOHTTP 3.8.1 can report a “ValueError: Invalid IPv6 URL” outcome, which can lead to a Denial of Service (DoS). NOTE: multiple third parties dispute this issue because there is no example of a context in which denial of service would occur, and many common contexts have exception handing in the calling application.

Read the notes from the security team

Status

Show unmaintained releases

No information for any release.

How can I get the fixes?
What do statuses mean?

Notes

ccdm94

upstream has marked this issue as invalid.

Severity score breakdown

Parameter	Value
Base score	5.5 · Medium
Attack vector	Local
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

MITRE
NVD
Launchpad
Debian

Other references

https://github.com/aio-libs/aiohttp/issues/6772
https://www.cve.org/CVERecord?id=CVE-2022-33124