python · aiohttpHeads-up
aiohttp: DoS via large incomplete WebSocket frames
A security advisory was published for aiohttp regarding a potential DoS attack via large incomplete websocket frame payloads that can bypass memory size limits.
What changed
A security advisory was published for aiohttp regarding a potential DoS attack via large incomplete websocket frame payloads that can bypass memory size limits.
Who it affects
Applications using aiohttp with WebSocket endpoints.
What to do today
Apply the patch from commit 14b6ee851fb16ec199acb950de0c82d476799e7d to mitigate excessive memory use.
The trail
Collected→
Audited→
Written→
Published