CVE Vulnerabilities

CVE-2025-69223

Improper Handling of Highly Compressed Data (Data Amplification)

Published: Jan 05, 2026 | Modified: Jan 14, 2026
CVSS 3.x: N/A (Source: NVD)
CVSS 2.x
RedHat/V2
RedHat/V3: 7.5 IMPORTANT, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu: MEDIUM

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that, when decompressed by AIOHTTP, could exhaust the host's memory. This issue is fixed in version 3.13.3.

Weakness

The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.
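The general mitigation for this weakness class is to cap decompressed size while streaming, as in the following added example. It is not AIOHTTP's code or its 3.13.3 fix; the names `bounded_inflate`, `constructed_payload`, `MAX_DECOMPRESSED` and `STEP`, and the 1 MiB limit, are assumptions chosen for illustration.

```python
import gzip
import zlib

MAX_DECOMPRESSED = 1024 * 1024   # assumed per-request cap on inflated size (1 MiB)
STEP = 64 * 1024                 # most output produced by a single inflate call


class DecompressedTooLarge(ValueError):
    """The body inflates past the configured cap."""


def bounded_inflate(chunks, limit=MAX_DECOMPRESSED):
    """Inflate gzip-framed chunks, failing once output exceeds `limit`.

    Memory held stays near limit + STEP bytes, whatever the compression ratio.
    """
    inflater = zlib.decompressobj(zlib.MAX_WBITS | 16)  # 16 = expect gzip header
    out = bytearray()
    for chunk in chunks:
        data = chunk
        while data and not inflater.eof:
            # max_length=STEP caps this call's output; input not yet
            # processed is left in unconsumed_tail for the next pass.
            out += inflater.decompress(data, STEP)
            if len(out) > limit:
                raise DecompressedTooLarge(f"inflated body exceeds {limit} bytes")
            data = inflater.unconsumed_tail
    out += inflater.flush()
    if len(out) > limit:
        raise DecompressedTooLarge(f"inflated body exceeds {limit} bytes")
    return bytes(out)


def constructed_payload(size):
    """Constructed sample input: `size` zero bytes, gzip-compressed."""
    return gzip.compress(b"\x00" * size)


if __name__ == "__main__":
    body = constructed_payload(8 * 1024 * 1024)
    print(f"{len(body)} compressed bytes describe {8 * 1024 * 1024} bytes")
    try:
        bounded_inflate([body])
    except DecompressedTooLarge as exc:
        print("rejected:", exc)
```

A limit on the compressed request size alone does not help here, because the constructed 8 MiB body arrives as only a few kilobytes on the wire.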

Affected Software

| Name | Vendor | Start Version | End Version |
| --- | --- | --- | --- |
| Aiohttp | Aiohttp | * | 3.13.3 (excluding) |
| Red Hat Ansible Automation Platform 2.4 for RHEL 8 | RedHat | automation-controller-0:4.5.30-1.el8ap | * |
| Red Hat Ansible Automation Platform 2.4 for RHEL 9 | RedHat | automation-controller-0:4.5.30-1.el9ap | * |
| Red Hat Ansible Automation Platform 2.5 for RHEL 8 | RedHat | automation-controller-0:4.6.25-1.el8ap | * |
| Red Hat Ansible Automation Platform 2.5 for RHEL 9 | RedHat | automation-controller-0:4.6.25-1.el9ap | * |
| Red Hat Ansible Automation Platform 2.6 for RHEL 9 | RedHat | automation-controller-0:4.7.8-1.el9ap | * |
| Red Hat Ansible Automation Platform 2.4 | RedHat | ansible-automation-platform-24/controller-rhel8:sha256:6407934968d4a6b83164a2d11870e46ab781c14445ab809b55acb9ce32b3a450 | * |
| Red Hat Ansible Automation Platform 2.5 | RedHat | ansible-automation-platform-25/controller-rhel8:sha256:d615f55b96ae5abf16d78672063c6f42f597ff8d3af8e526627558858d08a060 | * |
| Red Hat Ansible Automation Platform 2.6 | RedHat | ansible-automation-platform-26/controller-rhel9:sha256:4b8e801c5a11c97202e4415fbaf65cf2a3351bd6c7368bc492c01f75285f8d9e | * |
| Red Hat Ansible Automation Platform 2.6 | RedHat | ansible-automation-platform-26/de-minimal-rhel9:sha256:7f64dd39779023cd008c3237b60b419821985d658d24429b92070db9224b2629 | * |
| Red Hat Ansible Automation Platform 2.6 | RedHat | ansible-automation-platform-26/de-supported-rhel9:sha256:1dd6b6b9d9426175830de6066033115287ec259d118d5214582730209f3b3e63 | * |
| Red Hat OpenShift AI 2.25 | RedHat | rhoai/odh-kserve-storage-initializer-rhel9:sha256:26beb55e89fe94805cad1d718d64000a61ccef6510a360d57af7f4300a25ed49 | * |
| Red Hat OpenShift AI 2.25 | RedHat | rhoai/odh-ml-pipelines-runtime-generic-rhel9:sha256:e15c9c336a37dc83afbb1b0a69a9b5dd50ac515f0cde2560a4d00ed6bba7d244 | * |
| Red Hat OpenShift AI 2.25 | RedHat | rhoai/odh-openvino-model-server-rhel9:sha256:fbfd2e7078a290dc240310e34bdf65eaf4b4fec5f6d5440e400b5481960ef448 | * |
| Red Hat OpenShift AI 2.25 | RedHat | rhoai/odh-pipeline-runtime-datascience-cpu-py312-rhel9:sha256:88fbe21741f4052b4fb118c652e5f39ae28937e8b60fad930945be8ac3351eec | * |
| Red Hat OpenShift AI 2.25 | RedHat | rhoai/odh-pipeline-runtime-minimal-cpu-py312-rhel9:sha256:d017ace8b157f711e269dd0a1f073235eaa9f4c58a7ff8fc974ae3d05efb80a6 | * |
| Red Hat OpenShift AI 2.25 | RedHat | rhoai/odh-pipeline-runtime-pytorch-cuda-py312-rhel9:sha256:0780f52efa6c68ea2fb6371edfbd8b703157c38911803985bb1a676c84e073b5 | * |
| Red Hat OpenShift AI 2.25 | RedHat | rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9:sha256:a202c9ec6be34c4be1793e4f9f348077f345c450e0fcd04071d5092f266df9b4 | * |
| Red Hat OpenShift AI 2.25 | RedHat | rhoai/odh-pipeline-runtime-pytorch-rocm-py312-rhel9:sha256:e18d2d006c8cd4e3d3816540e154f421e7550a96f73901a799c15a5b4fe576db | * |
| Red Hat OpenShift AI 2.25 | RedHat | rhoai/odh-pipeline-runtime-tensorflow-cuda-py312-rhel9:sha256:fa2b62d5001452ad077383bc63124f021bbef766fb104203a9a05bba87332d8e | * |
| Red Hat OpenShift AI 2.25 | RedHat | rhoai/odh-pipeline-runtime-tensorflow-rocm-py312-rhel9:sha256:3bdeae6f78230e1d966cf7a3f35ea821c808f40cc4c2abb7af9b1748f5611826 | * |
| Red Hat OpenShift AI 2.25 | RedHat | rhoai/odh-ta-lmes-job-rhel9:sha256:eed2ac205ef82e2534e721cb23e9e4c2e7ceb41dcd3bf98267c2cf987112db19 | * |
| Red Hat OpenShift AI 2.25 | RedHat | rhoai/odh-vllm-cuda-rhel9:sha256:1e8b4f9fdc32213a45824c441171218fd4814ff5ea718b31fc0f74d9322f1a3f | * |
| Red Hat OpenShift AI 2.25 | RedHat | rhoai/odh-vllm-rocm-rhel9:sha256:7cf5a595faf09636baa94db52be028d4d4d1e2be0fc4748d276719387b2de3b4 | * |
| Red Hat OpenShift AI 2.25 | RedHat | rhoai/odh-workbench-jupyter-datascience-cpu-py312-rhel9:sha256:6061305164604c2715095f95b8a5ffad2acebb8e7e9db1483c7f9305626f396e | * |
| Red Hat OpenShift AI 2.25 | RedHat | rhoai/odh-workbench-jupyter-minimal-cpu-py312-rhel9:sha256:7ea4b2d6a2da83adf6680f65621575c4cae8ac246d52c6a59c1bebc6d7c73295 | * |
| Red Hat OpenShift AI 2.25 | RedHat | rhoai/odh-workbench-jupyter-minimal-cuda-py312-rhel9:sha256:0a10e0df52a41f7ca9053f3292befde92ab9e1c2965bc3a2bdbe51eaeb5b8e48 | * |
| Red Hat OpenShift AI 2.25 | RedHat | rhoai/odh-workbench-jupyter-minimal-rocm-py312-rhel9:sha256:158c783d59cdbdb9028c4dd760632edd7295330b5dcebbe0017bff4089635c3a | * |
| Red Hat OpenShift AI 2.25 | RedHat | rhoai/odh-workbench-jupyter-pytorch-cuda-py312-rhel9:sha256:fbe346eafcfbb867f595cbad5ea0190fabbabc61ad80a4be2265e0e2b0149f68 | * |
| Red Hat OpenShift AI 2.25 | RedHat | rhoai/odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9:sha256:fec8bf2d539fd00df8854a723bae98b7e173c43153c3132ba459bc0e9a86ae35 | * |
| Red Hat OpenShift AI 2.25 | RedHat | rhoai/odh-workbench-jupyter-pytorch-rocm-py312-rhel9:sha256:b19482e4008ac03a39b432fb3056bb1ab372ef1617df5bbfe784bc2910b6827a | * |
| Red Hat OpenShift AI 2.25 | RedHat | rhoai/odh-workbench-jupyter-tensorflow-cuda-py312-rhel9:sha256:1213d9e9a56ec3fddb887082d95c2ac168876eee8592aba265aeadd7ffad3898 | * |
| Red Hat OpenShift AI 2.25 | RedHat | rhoai/odh-workbench-jupyter-tensorflow-rocm-py312-rhel9:sha256:85abac79e8d09b61a9fffb0b5d3fd2a3f9da65bad9573a72cecb878a81357dcf | * |
| Red Hat OpenShift AI 2.25 | RedHat | rhoai/odh-workbench-jupyter-trustyai-cpu-py312-rhel9:sha256:b14e6b2a5f4b66dacfcd6c336e2a9e057b1d3ce7de902f0090d9a150a8292a84 | * |
| Red Hat OpenShift AI 2.25 | RedHat | rhoai/odh-ml-pipelines-runtime-generic-rhel9:sha256:114fd9b55f5ea28a16c3fe2eef773a4cb4693c1885ef6193399cfea278191acb | * |
| Red Hat OpenShift AI 2.25 | RedHat | rhoai/odh-openvino-model-server-rhel9:sha256:84739168d6ea2813c5b9666773166649a6b328a279dac80b61c51311a6a2943a | * |
| Python-aiohttp | Ubuntu | esm-apps/bionic | * |
| Python-aiohttp | Ubuntu | esm-apps/focal | * |
| Python-aiohttp | Ubuntu | esm-apps/jammy | * |
| Python-aiohttp | Ubuntu | esm-apps/noble | * |
| Python-aiohttp | Ubuntu | esm-apps/xenial | * |
| Python-aiohttp | Ubuntu | jammy | * |
| Python-aiohttp | Ubuntu | noble | * |
| Python-aiohttp | Ubuntu | plucky | * |
| Python-aiohttp | Ubuntu | questing | * |
| Python-aiohttp | Ubuntu | upstream | * |
