
Uncapped memory usage possible via headers/trailers

Moderate
Dreamsorcerer published GHSA-w2fm-2cpv-w7v5 Mar 31, 2026

Package

aiohttp (pip)

Affected versions

<=3.13.3

Patched versions

3.13.4

Description

Summary

Insufficient restrictions in header/trailer handling could cause uncapped memory usage.

Impact

An application could experience memory exhaustion when receiving an attacker-controlled request or response. A vulnerable web application could mitigate these risks with a typical reverse proxy configuration.


Patch: 0c2e9da
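
The kind of restriction the summary refers to, as an added illustration that is neither aiohttp's parser nor the referenced patch: a field-block reader that caps line size, field count and total bytes, and applies the same caps to trailers as to headers. The limit values, function names and sample input are assumptions constructed for this example.

```python
class FieldLimitExceeded(ValueError):
    """A header or trailer block exceeded a configured cap."""

# Constructed caps for this example; they are not aiohttp's defaults.
MAX_LINE_BYTES = 8190
MAX_FIELDS = 128
MAX_BLOCK_BYTES = 32 * 1024

def read_field_block(lines, max_line=MAX_LINE_BYTES, max_fields=MAX_FIELDS,
                     max_block=MAX_BLOCK_BYTES):
    """Read one HTTP/1.1 field block (headers or chunked trailers)."""
    # `lines` is an iterator, so every cap is checked before the next line is
    # pulled from the peer. Assumes the line reader feeding it is bounded too.
    fields, total = [], 0
    for raw in lines:
        total += len(raw)
        if len(raw) > max_line:
            raise FieldLimitExceeded("field line too long")
        if total > max_block:
            raise FieldLimitExceeded("field block too large")
        line = raw.rstrip(b"\r\n")
        if not line:  # blank line terminates the block
            return fields
        if len(fields) >= max_fields:
            raise FieldLimitExceeded("too many fields")
        name, sep, value = line.partition(b":")
        if not sep or not name or name != name.strip():
            raise ValueError("malformed field line")
        fields.append((name.decode("ascii").lower(),
                       value.strip().decode("latin-1")))
    raise ValueError("field block not terminated")

def counting(lines, seen):
    """Wrap an iterator and record how many lines were actually consumed."""
    for raw in lines:
        seen.append(1)
        yield raw

def demo():
    # Constructed input: a small header block and an oversized trailer block.
    headers = [b"Host: example.test\r\n", b"Transfer-Encoding: chunked\r\n", b"\r\n"]
    trailers = (b"X-Trailer-%d: v\r\n" % i for i in range(10_000))
    parsed, seen = read_field_block(iter(headers)), []
    try:
        read_field_block(counting(trailers, seen))
        rejected = False
    except FieldLimitExceeded:
        rejected = True
    return parsed, rejected, len(seen)
```

`demo()` returns the parsed headers, whether the oversized trailer block was rejected, and how many trailer lines were read before rejection, which stays at the field cap plus one rather than growing with the input.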

Severity

Moderate

CVE ID

CVE-2026-22815

Weaknesses

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
