6 matches found
CVE-2026-54274 AIOHTTP: Incomplete websocket frame payloads bypass memory limits
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. This vulnerability is fixed in 3.14.1...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the websocket checks. An attacker can exhaust system memory by sending large incomplete frame payloads, potentially leading to service disruption. Remediation Upgrade aiohttp to...
PT-2026-49588
Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.1 Description An issue exists in the asynchronous HTTP client/server framework where an attacker can send large incomplete websocket frame payloads. This allows the attacker to bypass standard memory use size...
CVE-2026-5071 can: Local Denial of Service via SocketCAN Send
The SocketCAN implementation validates the length of a user-provided buffer containing a socketcanframe object using only a NETASSERT statement in zcansendtoctx before dereferencing it in socketcantocanframe. In production builds where assertions are disabled, a userspace application that control...
CVE-2017-13196
In several places in ihevcddecode.c, a dead loop could occur due to incomplete frames which could lead to memory leaks. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation...
Design/Logic Flaw
In several places in ihevcddecode.c, a dead loop could occur due to incomplete frames which could lead to memory leaks. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation...