NVD脆弱性詳細

Exploit、PoC検索

NVD脆弱性検索トップ

->

NVD脆弱性詳細

CVE-2026-54278

概要	AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. An attacker may be able to send a compressed payload in specific situations that could be decompressed into memory, potentially leading to DoS (a zip bomb edge case). This vulnerability is fixed in 3.14.1.
公表日	2026年6月23日3:16
登録日	2026年6月27日4:11
最終更新日	2026年6月24日0:16

関連情報、対策とツール

No	URL	refsource	タグ
1	https://github.com/aio-libs/aiohttp/commit/4f7480e474cccc6a8cc2c92ad3f17a31dedf8232	security-advisories@github.com
2	https://github.com/aio-libs/aiohttp/security/advisories/GHSA-g3cq-j2xw-wf74	security-advisories@github.com

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-409	高圧縮データの不適切な処理 (データ増幅)	https://cwe.mitre.org/data/definitions/409.html