Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2025-69227
Summary
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions through 3.13.2 and 4.x through 4.0.0a1 allow for an infinite loop to occur when assert statements are bypassed, resulting in a Denial-of-Service (DoS) attack when processing a POST body. If optimizations are enabled (-O or PYTHONOPTIMIZE=1), and the application includes a handler that uses the "Request.post()" method, then an attacker may be able to execute a DoS attack with a specially crafted message.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-835 - Loop with Unreachable Exit Condition
Loops with multiple exits and flags detract from the quality of an application. They tend to make control structures difficult to understand, and introduce the risk of non-termination and other structural problems. The vulnerability “loop with unreachable exit condition” enables attackers to exploit this flaw, leading to denial of service.
References
Advisory Timeline
- Published
