AIOHTTP Memory Denial-of-Service Vulnerability in Multipart Form Processing

Vulnerability

A denial-of-service vulnerability has been identified in AIOHTTP, an asynchronous HTTP client/server framework for Python. Prior to version 3.13.4, AIOHTTP's handling of certain multipart form fields allowed the entire field to be read into memory before enforcing the maximum client size limit. This behavior could be exploited to cause significant temporary memory usage, potentially leading to application performance issues or crashes.
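The defect described above is a pattern, not a single line: a size limit that is only checked after a field has been fully buffered does nothing to bound peak memory, because the attacker controls how much is buffered before the check runs. The following is an added illustration, not aiohttp's own code and not taken from the fix; it uses a constructed chunked body stream and a constructed 1 MiB limit (the same order as aiohttp's default client_max_size) to contrast the two patterns and measure how many bytes each one pulls into memory before rejecting an oversized field.

```python
"""Bounded versus unbounded accumulation of a multipart field.

Constructed example: the stream, the limit and the reader functions are
stand-ins for the real request-body and multipart machinery, written to
show why the limit must be enforced while reading rather than afterwards.
"""
import asyncio
from typing import AsyncIterator, Awaitable, Callable, Dict, Tuple

# Assumed limit for the demo; aiohttp's default client_max_size is 1 MiB.
CLIENT_MAX_SIZE = 1024 * 1024


class PayloadTooLarge(Exception):
    """Raised when a field would exceed the configured limit."""


async def chunked_source(total: int, chunk: int = 64 * 1024) -> AsyncIterator[bytes]:
    """Constructed stand-in for a request body delivering `total` bytes in chunks."""
    sent = 0
    while sent < total:
        n = min(chunk, total - sent)
        yield b"A" * n
        sent += n


async def read_field_unbounded(source: AsyncIterator[bytes], limit: int) -> bytes:
    """Vulnerable pattern: buffer the whole field, then compare against the limit.

    Peak memory equals the full field size, whatever the limit is."""
    buf = bytearray()
    async for chunk in source:
        buf.extend(chunk)
    if len(buf) > limit:
        raise PayloadTooLarge(len(buf))
    return bytes(buf)


async def read_field_bounded(source: AsyncIterator[bytes], limit: int) -> bytes:
    """Hardened pattern: reject as soon as the running total would pass the limit.

    Peak memory is bounded by limit + one chunk, regardless of field size."""
    buf = bytearray()
    async for chunk in source:
        if len(buf) + len(chunk) > limit:
            raise PayloadTooLarge(len(buf) + len(chunk))
        buf.extend(chunk)
    return bytes(buf)


Reader = Callable[[AsyncIterator[bytes], int], Awaitable[bytes]]


async def measure(reader: Reader, total: int, limit: int) -> Tuple[bool, int]:
    """Run `reader` over a `total`-byte field and report (accepted, bytes_buffered).

    bytes_buffered counts what the reader consumed from the stream before it
    either finished or raised, which is the memory it held at that moment."""
    delivered = 0

    async def counted() -> AsyncIterator[bytes]:
        nonlocal delivered
        async for chunk in chunked_source(total):
            delivered += len(chunk)
            yield chunk

    try:
        await reader(counted(), limit)
        accepted = True
    except PayloadTooLarge:
        accepted = False
    return accepted, delivered


def demo(total: int = 8 * 1024 * 1024, limit: int = CLIENT_MAX_SIZE) -> Dict[str, Tuple[bool, int]]:
    """Compare both readers on one field of `total` bytes against `limit`."""
    return {
        "unbounded": asyncio.run(measure(read_field_unbounded, total, limit)),
        "bounded": asyncio.run(measure(read_field_bounded, total, limit)),
    }


if __name__ == "__main__":
    for name, (accepted, held) in demo().items():
        print(f"{name:9s} accepted={accepted} bytes_held_before_decision={held}")
```

With an 8 MiB field and a 1 MiB limit, both readers reject the field, but the unbounded reader holds all 8 MiB first while the bounded one stops after 17 chunks (just over 1 MiB). The bound on the hardened path is limit plus one chunk, so the chunk size the transport hands you is part of the memory budget.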

Impact

Exploitation of this vulnerability can cause excessive memory consumption, leading to application slowdowns or crashes.

Remediation

Users can upgrade to AIOHTTP version 3.13.4 or later to address this vulnerability. AIOHTTP version 3.13.4 is available on the Python Package Index (PyPI).

Added: Apr 1, 2026, 9:49 PM
Updated: Apr 1, 2026, 9:49 PM

Vulnerability Rating

Custom Algorithm

spread: 7.3
impact: 0.6
exploitability: 8.8
remediation: 7.7
relevance: 5.1
threat: 3.2
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.