CVE-2024-52304 Overview
CVE-2024-52304 is an HTTP Request Smuggling vulnerability [CWE-444] in aiohttp, an asynchronous HTTP client/server framework for Python. It affects versions prior to 3.10.11 when the pure Python HTTP parser handles a chunked transfer-encoded body: the parser accepted a chunk extension containing a bare line feed (LF) instead of rejecting the request, so a crafted request can be split into chunks differently by aiohttp than by a device in front of it. Exploitation requires that aiohttp is running without its C extensions, either because they were never installed or because the AIOHTTP_NO_EXTENSIONS environment variable is set. An attacker who controls such a request can use the disagreement to smuggle a request past an upstream firewall or reverse proxy that interprets the same bytes differently than aiohttp.
Critical Impact
Attackers can bypass firewall and proxy protections by smuggling crafted HTTP requests through aiohttp's pure Python chunk parser, circumventing access controls that are enforced only by the component in front of aiohttp.
Affected Products
- aiohttp versions prior to 3.10.11 (pure Python parser)
- Deployments where the AIOHTTP_NO_EXTENSIONS environment variable is set (aiohttp treats any non-empty value as enabled)
- Python environments where aiohttp C extensions are not installed
Discovery Timeline
- 2024-11-18 - CVE-2024-52304 published to NVD
- 2024-11-18 - aiohttp publishes GitHub Security Advisory GHSA-8495-4g3g-x7pr
- 2025-02 - Debian LTS Announcement released
- 2025-11-03 - Last updated in NVD database
Technical Details for CVE-2024-52304
Vulnerability Analysis
The vulnerability resides in aiohttp's pure Python HTTP parser at aiohttp/http_parser.py. When parsing chunked transfer-encoded bodies, the parser searches for the chunk extension delimiter ; (CHUNK_EXT) to separate the chunk size from optional extensions. The parser failed to validate that the extracted chunk extension contained no embedded line feed (\n) characters. An attacker can embed an LF byte inside a chunk extension to terminate the chunk header prematurely from the perspective of one parser while a different upstream parser interprets the bytes as part of the extension. This parser disagreement is the core mechanic of HTTP Request Smuggling.
Root Cause
The defect is improper input validation of chunk-extension content. The Python parser stripped everything after the ; delimiter as the chunk extension without checking that region for a line feed byte, so an LF that another parser treats as a line terminator was silently accepted. The C-extension parser was not affected, which limits exploitability to deployments using the pure Python implementation.
Attack Vector
Exploitation is network-based and unauthenticated. An attacker sends a chunked HTTP request through an intermediary (load balancer, WAF, or reverse proxy) that forwards traffic to an aiohttp server. By embedding \n inside a chunk extension, the attacker causes the front-end and back-end to disagree on request boundaries. The smuggled request can bypass front-end security controls, including authentication and request filtering rules enforced only at the proxy layer.
i = chunk.find(CHUNK_EXT, 0, pos)
if i >= 0:
size_b = chunk[:i] # strip chunk-extensions
+ # Verify no LF in the chunk-extension
+ if b"\n" in (ext := chunk[i:pos]):
+ exc = BadHttpMessage(
+ f"Unexpected LF in chunk-extension: {ext!r}"
+ )
+ set_exception(self.payload, exc)
+ raise exc
else:
size_b = chunk[:pos]
Source: aiohttp commit 259edc3 — the patch rejects any chunk extension containing an embedded line feed by raising BadHttpMessage.
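To make the parser disagreement described above concrete, here is an added illustration (not aiohttp's code and not part of the original advisory): two toy chunked-body decoders run over one constructed request body. The "backend" decoder models what the pre-3.10.11 pure Python parser did, ending the chunk-size line only at CRLF and stripping everything after ; without inspecting it; the "frontend" decoder is a hypothetical proxy that also accepts a bare LF as a line terminator, an assumption made for the demonstration. The patched backend adds the check from commit 259edc3.

```python
"""Toy chunked-body decoders that reproduce the parser disagreement behind
CVE-2024-52304.  Added illustration, not aiohttp's code.

"backend"  : chunk-size line ends only at CRLF; bytes after ';' are stripped
             as a chunk extension without inspection (pre-3.10.11 Python parser).
"frontend" : hypothetical proxy that also ends the chunk-size line at a bare LF.
"patched"  : backend plus the fix from 259edc3 (refuse LF inside the extension).
The request body used below is constructed for the demonstration."""

from typing import List, Tuple


class BadChunk(ValueError):
    """Chunk-size line rejected (stands in for aiohttp's BadHttpMessage)."""


def _line_end(buf: bytes, start: int, bare_lf_ends_line: bool) -> Tuple[int, int]:
    """Return (offset of the chunk-size line terminator, terminator length)."""
    crlf = buf.find(b"\r\n", start)
    if bare_lf_ends_line:
        lf = buf.find(b"\n", start)
        if lf >= 0 and (crlf < 0 or lf < crlf):
            return lf, 1                      # lenient: a lone LF ends the line
    if crlf < 0:
        raise BadChunk("chunk-size line has no CRLF terminator")
    return crlf, 2


def decode_chunked(buf: bytes, *, bare_lf_ends_line: bool,
                   reject_lf_in_ext: bool) -> List[bytes]:
    """Decode a chunked body and return the chunk payloads in order.

    bare_lf_ends_line: treat a lone LF as ending the chunk-size line (lenient
        front-end).  False is CRLF-only, as in aiohttp's Python parser.
    reject_lf_in_ext: apply the CVE-2024-52304 fix and raise when a chunk
        extension contains an LF byte.
    Trailers are not parsed; decoding stops at the zero-size chunk.
    """
    chunks: List[bytes] = []
    pos = 0
    while True:
        end, tlen = _line_end(buf, pos, bare_lf_ends_line)
        line = buf[pos:end]
        semi = line.find(b";")
        if semi >= 0:
            size_b, ext = line[:semi], line[semi:]      # strip chunk-extension
            if reject_lf_in_ext and b"\n" in ext:
                raise BadChunk(f"Unexpected LF in chunk-extension: {ext!r}")
        else:
            size_b = line
        try:
            size = int(size_b, 16)
        except ValueError:
            raise BadChunk(f"bad chunk size {size_b!r}") from None
        pos = end + tlen
        if size == 0:
            return chunks
        data = buf[pos:pos + size]
        if len(data) != size:
            raise BadChunk("truncated chunk data")
        chunks.append(data)
        pos += size
        if buf[pos:pos + 2] != b"\r\n":
            raise BadChunk("chunk data not followed by CRLF")
        pos += 2


# Constructed body with a bare LF inside the first chunk's extension ("2;x\n").
# A CRLF-only parser treats "\nXY" as part of the extension; a parser that
# accepts bare LF ends the size line at the LF and reads "XY" as chunk data.
SMUGGLING_BODY = (
    b"2;x\nXY\r\n"          # chunk-size line with LF in the extension
    + b"15\r\n"             # backend: 2 bytes of data "15"; frontend: size 0x15
    + b"0;" + b"y" * 19     # backend: terminating chunk; frontend: 21 bytes of data
    + b"\r\n"
    + b"0\r\n\r\n"          # frontend: terminating chunk
)


def parse_as_vulnerable_backend(buf: bytes) -> List[bytes]:
    return decode_chunked(buf, bare_lf_ends_line=False, reject_lf_in_ext=False)


def parse_as_lenient_frontend(buf: bytes) -> List[bytes]:
    return decode_chunked(buf, bare_lf_ends_line=True, reject_lf_in_ext=False)


def parse_as_patched_backend(buf: bytes) -> List[bytes]:
    return decode_chunked(buf, bare_lf_ends_line=False, reject_lf_in_ext=True)


def patched_backend_rejects(buf: bytes) -> bool:
    """True when the patched backend refuses the body (the 259edc3 check fired)."""
    try:
        parse_as_patched_backend(buf)
    except BadChunk:
        return True
    return False


if __name__ == "__main__":
    print("backend  :", parse_as_vulnerable_backend(SMUGGLING_BODY))
    print("frontend :", parse_as_lenient_frontend(SMUGGLING_BODY))
    print("patched  : rejected =", patched_backend_rejects(SMUGGLING_BODY))
```

The same bytes decode to a single chunk `15` for the vulnerable backend and to two chunks (`XY` and the 21-byte run beginning `0;`) for the lenient frontend, so the two sides disagree about where the body ends; in a real attack the bytes one side treats as body and the other as the next message are where a smuggled request is placed. The patched backend refuses the body at the first chunk-size line, which is the only change the fix needs.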
Detection Methods for CVE-2024-52304
Indicators of Compromise
- HTTP requests containing Transfer-Encoding: chunked with embedded \n characters inside chunk extensions following the ; delimiter
- Requests that pair a Content-Length header with Transfer-Encoding: chunked reaching aiohttp endpoints behind a proxy (a generic request smuggling indicator, not specific to this flaw)
- aiohttp application logs showing unexpected request fragmentation or duplicate request lines on a single connection
Detection Strategies
- Inventory all Python services to identify aiohttp versions prior to 3.10.11, particularly images where no matching binary wheel was available and the C extensions were never compiled, leaving the pure Python parser in use
- Detect environments where AIOHTTP_NO_EXTENSIONS=1 is set in process environments or container manifests
- Inspect proxy and WAF logs for chunked requests containing non-printable characters in chunk extension fields
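The first two detection strategies (finding affected versions and finding interpreters running the pure Python parser) can be answered from inside each service's interpreter. The following is an added example, not part of aiohttp or the advisory: it reads the installed aiohttp version, the AIOHTTP_NO_EXTENSIONS variable and the module that provides HttpRequestParser (aiohttp._http_parser when the C extension is active, aiohttp.http_parser when the pure Python fallback is in use), and derives a verdict. The verdict logic is kept separate from the probes so it can also be applied to version and environment data collected from container manifests.

```python
"""Inventory check for CVE-2024-52304.  Added illustration, not part of
aiohttp or the advisory.  Run inside each service container or virtualenv."""

import os
import re
from typing import Optional, Tuple

FIXED = (3, 10, 11)
C_PARSER = "aiohttp._http_parser"    # module of HttpRequestParser when the C extension is active
PY_PARSER = "aiohttp.http_parser"    # module of HttpRequestParser when the pure Python fallback is used


def parse_version(v: str) -> Tuple[int, int, int, int]:
    """Map 'X.Y.Z[suffix]' to a comparable tuple.  A pre-release suffix
    (a, b, rc, dev) sorts below the final release of the same number, so
    '3.10.11rc0' is treated as older than '3.10.11'."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)(.*)$", v.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    major, minor, patch, rest = m.groups()
    final = not re.match(r"^[.\-]?(a|b|rc|dev)", rest)
    return int(major), int(minor), int(patch), 1 if final else 0


def verdict(version: Optional[str], no_extensions_env: Optional[str],
            parser_module: Optional[str]) -> str:
    """Classify one interpreter.  aiohttp derives NO_EXTENSIONS from
    bool(os.environ.get('AIOHTTP_NO_EXTENSIONS')), so any non-empty value
    forces the pure Python parser regardless of what was installed."""
    if version is None:
        return "aiohttp not installed"
    if parse_version(version) >= FIXED + (1,):
        return "patched"
    if no_extensions_env or parser_module == PY_PARSER:
        return "exposed: pure Python parser on affected version"
    if parser_module == C_PARSER:
        return "affected version, but C parser active (upgrade anyway)"
    return "affected version, parser unknown"


def probe() -> Tuple[Optional[str], Optional[str], Optional[str]]:
    """Collect (version, AIOHTTP_NO_EXTENSIONS, parser module) for this interpreter."""
    try:
        from importlib.metadata import version as dist_version
        ver: Optional[str] = dist_version("aiohttp")
    except Exception:          # PackageNotFoundError or no metadata
        ver = None
    try:
        from aiohttp import http_parser
        module: Optional[str] = http_parser.HttpRequestParser.__module__
    except ImportError:
        module = None
    return ver, os.environ.get("AIOHTTP_NO_EXTENSIONS"), module


if __name__ == "__main__":
    ver, env, module = probe()
    print(f"aiohttp version         : {ver}")
    print(f"AIOHTTP_NO_EXTENSIONS   : {env!r}")
    print(f"HttpRequestParser module: {module}")
    print(f"verdict                 : {verdict(ver, env, module)}")
```

Run it with the same interpreter and environment the service uses (for a container, `docker exec` into it), since the parser selection depends on which wheel was installed there and on the process environment, not on the host.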
Monitoring Recommendations
- Enable verbose HTTP request logging at both the reverse proxy and aiohttp application layer and reconcile request counts across tiers
- After patching, alert on BadHttpMessage errors whose text reads Unexpected LF in chunk-extension; that message is produced only by the new check, so each occurrence is a request exercising this flaw
- Monitor for anomalous request pipelining patterns on long-lived keep-alive connections terminating at aiohttp services
How to Mitigate CVE-2024-52304
Immediate Actions Required
- Upgrade aiohttp to version 3.10.11 or later across all Python services and rebuild affected container images
- Audit deployments for the AIOHTTP_NO_EXTENSIONS flag and remove it unless explicitly required
- Reinstall aiohttp with the C extensions present: install a pre-built wheel for your platform that bundles the C parser, or, if none exists, build from source with a working C compiler (pip install --no-binary aiohttp aiohttp)
Patch Information
The fix is committed in aiohttp commit 259edc3 and shipped in aiohttp 3.10.11. The patch adds validation to reject chunk extensions containing an LF byte, raising BadHttpMessage and terminating the request. Debian users should apply the update referenced in the Debian LTS Announcement.
Workarounds
- Ensure the aiohttp C extensions are installed and active, which bypasses the vulnerable Python parser entirely
- Configure upstream proxies to strip or reject HTTP requests containing chunk extensions, since chunk extensions are rarely used by legitimate clients
- Place a strict-parsing reverse proxy in front of aiohttp that normalizes chunked encoding before forwarding requests
# Upgrade aiohttp to the patched release
pip install --upgrade "aiohttp>=3.10.11"
# Verify the C parser is active (prints aiohttp._http_parser; aiohttp.http_parser means the pure Python fallback is in use)
python -c "from aiohttp import http_parser; print(http_parser.HttpRequestParser.__module__)"
# Ensure AIOHTTP_NO_EXTENSIONS is not set
unset AIOHTTP_NO_EXTENSIONS
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


