漏洞标题
事件let中处理高度压缩数据(数据放大)和使用过大尺寸值进行内存分配不当
漏洞描述信息
事件let中对高度压缩数据(数据放大)处理不当以及使用过大的尺寸值进行内存分配的问题
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
漏洞类别
N/A
漏洞标题
Improper Handling of Highly Compressed Data (Data Amplification) and Memory Allocation with Excessive Size Value in eventlet
漏洞描述信息
Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to reasonable limits. As a workaround, restricting memory usage via OS limits would help against overall machine exhaustion, but there is no workaround to protect Eventlet process.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
漏洞类别
未加控制的资源消耗(资源穷尽)
漏洞标题
Eventlet 资源管理错误漏洞
漏洞描述信息
Eventlet是Python的一个并发网络库。 Eventlet 0.31.0 之前版本存在资源管理错误漏洞,该漏洞源于一个websocket peer可能会通过发送非常大的websocket帧来耗尽Eventlet端的内存。
CVSS信息
N/A
漏洞类别
资源管理错误