3 matches found
DEBIAN-CVE-2026-49855
Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, Tornado gzip decompression routines processed limited-size chunks but did not enforce an overall limit on accumulated decompressed chunks, allowing a malicious server accessed by SimpleAsyncHTTPClient or an...
CVE-2026-49855 tornado AsyncHTTPClient accumulates decompressed chunks without size limit (gzip bomb)
Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, Tornado gzip decompression routines processed limited-size chunks but did not enforce an overall limit on accumulated decompressed chunks, allowing a malicious server accessed by SimpleAsyncHTTPClient or an...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in the AsyncHTTPClient. An attacker can cause excessive memory...