Bug 2491443 (CVE-2026-53540) - CVE-2026-53540 python-multipart: Python-Multipart: Negative Content-Length in parse_form buffers the entire body in memory
Keywords:
Status: NEW
Alias: CVE-2026-53540
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2495855
Blocks:
Reported: 2026-06-22 18:01 UTC by OSIDB Bzimport
Modified: 2026-07-01 09:01 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2026-06-22 18:01:40 UTC
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parse_form() did not validate the Content-Length header before using it to bound its chunked read of the request body. A negative Content-Length turned the bounded read into a read-until-EOF, so the entire body was loaded into memory in a single read instead of in fixed-size chunks. This vulnerability is fixed in 0.0.31.
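The read pattern described above, as an added example that is not python-multipart's code or its 0.0.31 patch. `RecordingStream`, `read_unvalidated`, `read_validated` and the chunk size are hypothetical names and constructed values, and rejecting the header with `ValueError` is one possible check, assumed here.

```python
import io

CHUNK_SIZE = 1024  # constructed chunk size for the demonstration


class RecordingStream(io.BytesIO):
    """In-memory request body that records the size passed to each read()."""

    def __init__(self, data):
        super().__init__(data)
        self.read_sizes = []
        self.largest_read = 0

    def read(self, size=-1):
        self.read_sizes.append(size)
        buf = super().read(size)
        self.largest_read = max(self.largest_read, len(buf))
        return buf


def read_unvalidated(stream, content_length, chunk_size=CHUNK_SIZE):
    """Unchecked pattern: the header value bounds each read directly."""
    bytes_read = 0
    while True:
        # A negative content_length makes this negative, and file-like
        # read(n) with n < 0 means "read until EOF".
        max_readable = min(content_length - bytes_read, chunk_size)
        buf = stream.read(max_readable)
        bytes_read += len(buf)
        if len(buf) != max_readable or bytes_read == content_length:
            break
    return bytes_read


def read_validated(stream, content_length, chunk_size=CHUNK_SIZE):
    """Hardened pattern: reject the header before it can size a read."""
    if content_length < 0:
        raise ValueError("Content-Length must not be negative")
    bytes_read = 0
    while bytes_read < content_length:
        buf = stream.read(min(content_length - bytes_read, chunk_size))
        if not buf:  # body ended early
            break
        bytes_read += len(buf)
    return bytes_read
```

A useful regression check for any code that sizes reads from a header is the one recorded here: the largest single read must never exceed the configured chunk size.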

