CVE-2023-47641

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-47641
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-47641.json
Aliases
Published
2023-11-14T21:15:13Z
Modified
2023-11-29T10:20:21.824612Z
Details

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-Length(CL) and Transfer-Encoding(TE) header values are present it can lead to incorrect interpretation of two entities that parse the HTTP and we can poison other sockets with this incorrect interpretation. A possible Proof-of-Concept (POC) would be a configuration with a reverse proxy(frontend) that accepts both CL and TE headers and aiohttp as backend. As aiohttp parses anything with chunked, we can pass a chunked123 as TE, the frontend entity will ignore this header and will parse Content-Length. The impact of this vulnerability is that it is possible to bypass any proxy rule, poisoning sockets to other users like passing Authentication Headers, also if it is present an Open Redirect an attacker could combine it to redirect random users to another website and log the request. This vulnerability has been addressed in release 3.8.0 of aiohttp. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/aio-libs/aiohttp

Affected ranges

Type
GIT
Repo
https://github.com/aio-libs/aiohttp
Events
Introduced
0The exact introduced commit is unknown
Fixed

Affected versions

0.*

0.15.2
0.8.2

1.*

1.3.0

2.*

2.0.0
2.0.0rc1
2.0.1
2.0.2
2.0.3
2.0.3-1
2.0.4
2.0.5
2.0.6
2.0.7

4v0.*

4v0.21.6

v.*

v.0.6.5

v0.*

v0.1
v0.10.0
v0.10.1
v0.10.2
v0.11.0
v0.12.0
v0.13.0
v0.13.1
v0.14.0
v0.14.1
v0.14.2
v0.14.3
v0.14.4
v0.15.0
v0.15.1
v0.15.2
v0.15.3
v0.16.0
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.16.5
v0.16.6
v0.17.0
v0.17.1
v0.17.2
v0.17.3
v0.17.4
v0.18.0
v0.18.1
v0.18.2
v0.18.3
v0.18.4
v0.19.0
v0.2
v0.20.0
v0.20.1
v0.20.2
v0.21.0
v0.21.0a0
v0.21.0a1
v0.21.0a2
v0.21.1
v0.21.2
v0.21.3
v0.21.4
v0.21.5
v0.21.6
v0.22.0
v0.22.0b0
v0.22.0b1
v0.22.0b2
v0.22.0b3
v0.22.0b4
v0.22.0b5
v0.22.0b6
v0.22.1
v0.22.2
v0.22.3
v0.22.4
v0.22.5
v0.3
v0.4
v0.4.1
v0.4.2
v0.5.0
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.8.0
v0.8.1
v0.8.3
v0.8.4
v0.9.0
v0.9.1
v0.9.2
v0.9.3

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.0.4
v1.0.5
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.2.0

v2.*

v2.1.0
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.3.0
v2.3.0a1
v2.3.0a2
v2.3.0a3
v2.3.0a4
v2.3.1
v2.3.10
v2.3.1a1
v2.3.2
v2.3.2b1
v2.3.2b2
v2.3.2b3
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9

v3.*

v3.0.0
v3.0.0b0
v3.0.0b1
v3.0.0b2
v3.0.0b3
v3.0.0b4
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9
v3.1.0
v3.1.1
v3.1.2
v3.2.0
v3.2.1
v3.3.0
v3.3.1
v3.3.1b1
v3.3.2
v3.3.2a0
v3.4.0
v3.4.0a0
v3.4.0a3
v3.4.0b1
v3.4.0b2
v3.4.1
v3.4.2
v3.4.3
v3.4.4
v3.5.0
v3.5.0a1
v3.5.0b1
v3.5.0b2
v3.5.0b3
v3.5.1
v3.5.2
v3.5.3
v3.5.4
v3.6.0
v3.6.0a0
v3.6.0a1
v3.6.0a10
v3.6.0a11
v3.6.0a12
v3.6.0a2
v3.6.0a3
v3.6.0a4
v3.6.0a5
v3.6.0a6
v3.6.0a7
v3.6.0a8
v3.6.0a9
v3.6.0b0
v3.6.1
v3.6.1b3
v3.6.1b4
v3.6.2
v3.6.2a1
v3.6.2a2
v3.7.0
v3.7.0b0
v3.7.0b1
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.7.4.post0