ydb is vulnerable to Denial of Service (DoS)
53
Medium Risk
Response iterators wrapping execute-stream reads reported iterator failures to the session cleanup hooks through a handler that only caught `Exception`, so asyncio cancellation and other base exceptions did not always take the same invalidation path as ordinary errors. If an application task was cancelled (e.g., because the client dropped its HTTP request), the YDB session was returned to the connection pool without the stream having been drained. A remote attacker could repeatedly drop connections to systematically poison the connection pool, so that legitimate subsequent callers received spurious SessionBusy errors. The patch routes base exceptions through the error hook as well, so the session is properly invalidated and the connection pool is not poisoned.
You are affected if you are using a version that falls within the vulnerable range.
ydb is vulnerable to Denial of Service (DoS) in versions 3.16.0 - 3.28.1.
Upgrade the ydb library to a patched version.
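The failure mode described above, modelled as an added example that is not ydb's own code: a stream wrapper whose error hook catches only `Exception` lets an asyncio cancellation (a `BaseException` on Python 3.8+) return a half-read session to the pool still marked valid, whereas catching `BaseException` invalidates it first. `Session`, `slow_stream` and `iterate` are constructed stand-ins, not SDK names.

```python
import asyncio


class Session:
    """Constructed stand-in for a pooled YDB session (not the SDK's class)."""

    def __init__(self) -> None:
        self.valid = True  # True means the pool will hand this session out again


async def slow_stream():
    """Constructed stand-in for an execute-stream response that is slow to arrive."""
    for chunk in range(3):
        await asyncio.sleep(10)  # the read a cancelled task is parked on
        yield chunk


async def iterate(session: Session, released: list, catch_base: bool) -> None:
    """Wrap the stream read; on failure invalidate the session, then release it."""
    try:
        async for _chunk in slow_stream():
            pass
    # Vulnerable variant catches only Exception, so asyncio.CancelledError
    # (a BaseException subclass since Python 3.8) bypasses the error hook.
    except (BaseException if catch_base else Exception):
        session.valid = False  # error hook: never return a half-read session
        raise
    finally:
        released.append(session)  # cleanup hook: session goes back to the pool


async def dropped_request(catch_base: bool) -> bool:
    """Simulate a client dropping its request mid-stream; report pool state."""
    session, released = Session(), []
    task = asyncio.create_task(iterate(session, released, catch_base))
    await asyncio.sleep(0)  # let the task start and block on its first read
    task.cancel()  # the client connection was dropped
    try:
        await task
    except asyncio.CancelledError:
        pass
    assert released == [session]  # both variants do return the session
    return session.valid  # True means the pool was poisoned


def session_returned_valid(catch_base: bool) -> bool:
    """True if the cancelled read left a poisoned (still valid) session in the pool."""
    return asyncio.run(dropped_request(catch_base))
```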