View at Official alpine advisory, NVD, CVE.org · CVE detail
Freshness: no update timestamp found; verify against the upstream OS advisory manually.
CVE-2025-69229: 1 source package rows (py3-aiohttp); 2 state rows across 2 repos (3.23-community, edge-community); fixed 2, open 0.
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. If an application makes use of the request.read() method in an endpoint, it may be possible for an attacker to cause the server to spend a moderate amount of blocking CPU time (e.g. 1 second) while processing the request. This could potentially lead to DoS as the server would be unable to handle other requests during that time. This issue is fixed in version 3.13.3.