CVE-2026-34516
ADVISORY - githubSummary
Summary
A response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability.
Impact
Multipart headers were not subject to the same size restrictions in place for normal headers, potentially allowing substantially more data to be loaded into memory than intended. However, other restrictions in place limit the impact of this vulnerability.
Patch: https://github.com/aio-libs/aiohttp/commit/8a74257b3804c9aac0bf644af93070f68f6c5a6f
Common Weakness Enumeration (CWE)
Allocation of Resources Without Limits or Throttling
Allocation of Resources Without Limits or Throttling
Allocation of Resources Without Limits or Throttling
NIST
3.9
CVSS SCORE
6.6mediumGitHub
3.9
CVSS SCORE
6.6mediumAlpine
-
Debian
-
Ubuntu
-
CVSS SCORE
N/AmediumRed Hat
3.9
CVSS SCORE
5.3mediumChainguard
CGA-44m8-rw6v-m468
-
minimos
MINI-24f6-2944-5h56
-
minimos
MINI-2xhf-jf5g-3fcf
-
minimos
MINI-3354-f2q6-q7qv
-
minimos
MINI-5xm6-5m48-35w3
-
minimos
MINI-8xmf-2mfp-jxv7
-
minimos
MINI-hw87-x4v7-p9w5
-
minimos
MINI-xm2f-gj95-w2x4
-