Fluid Attacks Database

Description

AIOHTTP has a Multipart Header Size Bypass

Summary

A response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability.

Impact

Multipart headers were not subject to the same size restrictions in place for normal headers, potentially allowing substantially more data to be loaded into memory than intended. However, other restrictions in place limit the impact of this vulnerability.

Patch: https://github.com/aio-libs/aiohttp/commit/8a74257b3804c9aac0bf644af93070f68f6c5a6f

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	python-aiohttp	=3.7.4-1 \|\| =3.7.4-1+deb11u1 \|\| >=0 <3.7.4-1+deb11u2	3.7.4-1+deb11u2
debian 12	python-aiohttp	=3.10.0-1 \|\| =3.10.1-1 \|\| =3.10.10-1 \|\| =3.10.10-2 \|\| =3.10.11-1 \|\| =3.10.3-1 \|\| =3.10.3-2 \|\| =3.10.3-3 \|\| =3.10.4-1 \|\| =3.10.5-1 \|\| =3.10.6-1 \|\| =3.10.8-1 \|\| =3.11.15-1 \|\| =3.11.16-1 \|\| =3.12.15-1 \|\| =3.13.0-1 \|\| =3.13.1-1 \|\| =3.13.3-1 \|\| =3.13.3-2 \|\| =3.13.3-3 \|\| =3.13.5-1 \|\| =3.8.4-1 \|\| =3.8.4-1+deb12u1 \|\| =3.8.5-1 \|\| =3.8.6-1 \|\| =3.9.1-1 \|\| =3.9.5-1	-
pypi	aiohttp	>=0 <3.13.4	3.13.4
debian 14	python-aiohttp	=3.11.16-1 \|\| =3.12.15-1 \|\| =3.13.0-1 \|\| =3.13.1-1 \|\| =3.13.3-1 \|\| =3.13.3-2 \|\| =3.13.3-3 \|\| >=0 <3.13.5-1	3.13.5-1
debian 13	python-aiohttp	=3.11.16-1 \|\| =3.11.16-1+deb13u1 \|\| =3.12.15-1 \|\| =3.13.0-1 \|\| =3.13.1-1 \|\| =3.13.3-1 \|\| =3.13.3-2 \|\| =3.13.3-3 \|\| =3.13.5-1	-

Aliases

1. CVE-2026-345162. NVD-2026-345163. OSV-DEBIAN-2026-345164. OSV-2026-345165. GHSA-m5qp-6w8w-w6476. GCVE-2026-345167. SECURITY-TRACKER-CVE-2026-34516

References

1. https://github.com/aio-libs/aiohttp/security/advisories/GHSA-m5qp-6w8w-w6472. https://github.com/aio-libs/aiohttp/commit/8a74257b3804c9aac0bf644af93070f68f6c5a6f3. https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.