7.5

CVE-2025-13836

Excessive read buffering DoS in http.client

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PythonPython Version < 3.10.20
PythonPython Version >= 3.11.0 < 3.11.15
PythonPython Version >= 3.12.0 < 3.12.13
PythonPython Version >= 3.13.0 < 3.13.11
PythonPython Version3.14.0 Update-
PythonPython Version3.15.0 Updatealpha1
PythonPython Version3.15.0 Updatealpha2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.53% 0.715
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cna@python.org 6.3 0 0
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

https://github.com/python/cpython/issues/119451
Patch
Issue Tracking
https://github.com/python/cpython/pull/119454
Patch
Issue Tracking
https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155
Patch
https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5
Patch
https://mail.python.org/archives/list/security-announce@python.org/thread/OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO/
Vendor Advisory
https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15
Patch
https://github.com/python/cpython/commit/14b1fdb0a94b96f86fc7b86671ea9582b8676628
Patch
https://github.com/python/cpython/commit/5dc101675fd22918facbbe0fecdc821502beaaf0
Patch
https://github.com/python/cpython/commit/afc40bdd3dd71f343fd9016f6d8eebbacbd6587c
Patch