4 matches found
CVE-2026-54274
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. This vulnerability is fixed in 3.14.1...
CVE-2026-54274
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. This vulnerability is fixed in 3.14.1...
CVE-2026-54274
The CVE-2026-54274 entry concerns AIOHTTP (async HTTP framework for asyncio/Python). It identifies that prior to version 3.14.1, an attacker could send large incomplete websocket frame payloads, potentially bypassing memory-use limits. The vulnerability affects AIOHTTP’s websocket handling logic ...
aiohttp: Incomplete websocket frame payloads bypass memory limits
Summary If an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. Impact If a web application has WebSocket endpoints, it may be possible for an attacker to execute a DoS attack through excessive memory use. ----- Patch:...