Ultrajson · Ultrajson · CVE-2026-32875
**Name of the Vulnerable Software and Affected Versions**
UltraJSON versions 5.10 through 5.11.0
**Description**
UltraJSON (`ujson`), a fast JSON encoder and decoder for Python written in C, is susceptible to a buffer overflow or an infinite loop when encoding with large `indent` values. `ujson.dumps()` can crash the Python interpreter with a segmentation fault if the product of the `indent` parameter and the nesting depth of the input exceeds the maximum value of a signed 32-bit integer (INT32_MAX, 2^31 - 1). A large negative `indent` value can instead cause the function to enter an infinite loop. Both issues stem from integer overflow or underflow during memory allocation for the indentation buffer.

Exploitation requires a service to call `ujson.dump()`, `ujson.dumps()`, or `ujson.encode()` while allowing untrusted users to control the `indent` parameter without restricting it to small, non-negative values. A service that uses a fixed negative `indent` can also hit the infinite loop without any attacker-controlled input.
**Recommendations**
Users of UltraJSON 5.10 through 5.11.0 should update to version 5.12.0 or later.
As a temporary workaround, validate the `indent` parameter before it reaches the encoder: reject negative values and cap it at a small positive number, so that `indent` multiplied by the nesting depth of the input stays far below INT32_MAX. Do not use a fixed negative `indent` in your own code.
If untrusted users can influence `indent`, restrict their access to the code paths that call `ujson.dumps()`, `ujson.dump()`, or `ujson.encode()`.
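The following wrapper shows the workaround above as code: it bounds `indent` and the nesting depth of the input before any encoder call, so the `indent * depth` product described in this advisory can never approach INT32_MAX and negative values never reach the C code. This is an added example written for this page, not code from the UltraJSON project or its fix; the policy caps `MAX_INDENT` and `MAX_DEPTH`, the helper names, and the fallback to the standard-library `json` module when `ujson` is not installed are all choices made here for illustration.

```python
"""Bound indent and nesting depth before calling ujson.dumps().

Added example for the advisory above, not ujson's own code. The advisory
describes a segfault when indent * nesting_depth exceeds INT32_MAX and a hang
for negative indent; both are rejected here before the encoder is invoked.
"""
from __future__ import annotations

from typing import Any

try:
    import ujson as backend  # the encoder the advisory is about
except ImportError:          # assumption: fall back to stdlib json so the example runs without ujson
    import json as backend

INT32_MAX = 2**31 - 1

# Policy caps chosen for this example; an application would pick its own.
MAX_INDENT = 8          # no pretty-printer needs more than a few spaces per level
MAX_DEPTH = 10_000      # reject pathologically nested payloads outright


def nesting_depth(obj: Any) -> int:
    """Maximum container nesting depth of obj (iterative, so no RecursionError on deep input).

    A scalar has depth 0, {"a": 1} has depth 1, {"a": [1]} has depth 2.
    """
    depth = 0
    stack = [(obj, 1)]
    while stack:
        node, level = stack.pop()
        if isinstance(node, dict):
            depth = max(depth, level)
            stack.extend((v, level + 1) for v in node.values())
        elif isinstance(node, (list, tuple)):
            depth = max(depth, level)
            stack.extend((v, level + 1) for v in node)
    return depth


def product_overflows(indent: int, depth: int) -> bool:
    """True when indent * depth would not fit in a signed 32-bit int (the segfault condition)."""
    return indent * depth > INT32_MAX


def validate_indent(indent: Any, depth: int) -> int:
    """Reject indent values that reach the overflow/underflow paths the advisory describes."""
    if isinstance(indent, bool) or not isinstance(indent, int):
        raise TypeError("indent must be an int")
    if indent < 0:
        raise ValueError("negative indent is not allowed")            # infinite-loop path
    if indent > MAX_INDENT:
        raise ValueError(f"indent {indent} exceeds policy cap {MAX_INDENT}")
    # Belt and braces: even within the caps, the product must stay below INT32_MAX.
    if product_overflows(indent, depth):
        raise ValueError("indent * depth would overflow a 32-bit int")  # segfault path
    return indent


def safe_dumps(obj: Any, indent: Any = 0) -> str:
    """Encode obj after bounding indent and nesting depth; indent=0 means no pretty-printing."""
    depth = nesting_depth(obj)
    if depth > MAX_DEPTH:
        raise ValueError(f"nesting depth {depth} exceeds policy cap {MAX_DEPTH}")
    indent = validate_indent(indent, depth)
    if indent == 0:
        # ujson treats indent=0 as compact output; stdlib json would insert newlines,
        # so omit the keyword entirely to get the same compact result from either backend.
        return backend.dumps(obj)
    return backend.dumps(obj, indent=indent)


def rejects(obj: Any, indent: Any) -> bool:
    """Helper for demonstrating the policy: True if safe_dumps refuses this indent."""
    try:
        safe_dumps(obj, indent)
    except (TypeError, ValueError):
        return True
    return False


if __name__ == "__main__":
    # Constructed sample input: a request body plus an attacker-supplied indent.
    payload = {"user": "alice", "roles": ["admin", "ops"], "meta": {"depth": [[1]]}}
    print(safe_dumps(payload, indent=2))
    for bad in (-1, 10**9, "4"):
        print(f"indent={bad!r} rejected: {rejects(payload, bad)}")
```

`nesting_depth` walks the object iteratively so that a deeply nested payload cannot itself crash the validator with a `RecursionError` before the cap is applied. The `MAX_INDENT` cap is the real defence; the explicit `product_overflows` check is kept so that the bound on which the advisory turns is visible and stays correct even if someone later raises the caps.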