GHSA-xcgm-r5h9-7989Medium
aiohttp: Incomplete websocket frame payloads bypass memory limits
🔗 CVE IDs covered (1)
📋 Description
Summary
If an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use.
Impact
If a web application has WebSocket endpoints, it may be possible for an attacker to execute a DoS attack through excessive memory use.
Patch: https://github.com/aio-libs/aiohttp/commit/14b6ee851fb16ec199acb950de0c82d476799e7d
🎯 Affected products1
- pip/aiohttp:<= 3.14.0