Lucene search
K

4 matches found

NVD
NVD
added 2026/06/22 6:16 p.m.12 views

CVE-2026-54274

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. This vulnerability is fixed in 3.14.1...

8.7CVSS0.00305EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 4:33 p.m.3 views

CVE-2026-54274

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. This vulnerability is fixed in 3.14.1...

8.7CVSS5.8AI score0.00305EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/22 4:33 p.m.32 views

CVE-2026-54274

The CVE-2026-54274 entry concerns AIOHTTP (async HTTP framework for asyncio/Python). It identifies that prior to version 3.14.1, an attacker could send large incomplete websocket frame payloads, potentially bypassing memory-use limits. The vulnerability affects AIOHTTP’s websocket handling logic ...

8.7CVSS5.8AI score0.00305EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:11 p.m.9 views

aiohttp: Incomplete websocket frame payloads bypass memory limits

Summary If an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. Impact If a web application has WebSocket endpoints, it may be possible for an attacker to execute a DoS attack through excessive memory use. ----- Patch:...

8.7CVSS5.5AI score0.00305EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder