The parser allows non-ASCII decimals to be present in the Range header.
There is no known impact, but there is the possibility that there's a method to exploit a request smuggling vulnerability.
Patch: https://github.com/aio-libs/aiohttp/commit/c7b7a044f88c71cefda95ec75cdcfaa4792b3b96