python · aiohttp · Heads-up
aiohttp C parser max_line_size bypass leads to DoS
What changed
A security vulnerability in aiohttp's C parser allows bypassing the max_line_size check, potentially leading to memory exhaustion and DoS.
Who it affects
Users of aiohttp with the default C parser enabled (pre-built wheels).
What to do today
Apply the patch from commit 5ab61bb4cd88f19b712f12c7c9295fe262bf804d or upgrade to a fixed version.