PT-2025-48535 · Http+5

Serhiy Storchaka · Published 2024-05-23 · Updated 2026-05-11 · CVE-2025-13836

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: python3.9, python3.11, python3.13
Description: When reading an HTTP response from a server, if no read amount is specified, the default behavior is to size the read from the server-supplied Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing Out Of Memory (OOM) errors or other Denial of Service (DoS) conditions. The issue resides in the http.client module.
Recommendations: For python3.9, python3.11 and python3.13, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
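A defensive check for the http.client behaviour described above, added here as an example (not code from the advisory or from CPython): it caps how much of a response body is read regardless of the server-supplied Content-Length. The fake socket, the response bytes and the names parse_response, read_bounded and outcome are constructed for illustration.

```python
import io
from http.client import HTTPResponse

class _FakeSocket:
    """Minimal socket stand-in; HTTPResponse only calls makefile() on it."""

    def __init__(self, data: bytes):
        self._data = data

    def makefile(self, mode, *args, **kwargs):
        return io.BytesIO(self._data)

def parse_response(raw: bytes) -> HTTPResponse:
    """Build an HTTPResponse from raw bytes (constructed input, no network)."""
    resp = HTTPResponse(_FakeSocket(raw))
    resp.begin()  # parses the status line and headers
    return resp

def read_bounded(resp: HTTPResponse, max_bytes: int, chunk: int = 65536) -> bytes:
    """Read at most max_bytes of the body without trusting Content-Length.

    A bare resp.read() sizes its buffer from the server's header; here the
    advertised length is checked first and the body is read in fixed chunks,
    so the total stays capped even when the header is absent.
    """
    declared = resp.getheader("Content-Length")
    if declared is not None and int(declared) > max_bytes:
        raise ValueError(f"Content-Length {declared} exceeds cap {max_bytes}")
    buf = bytearray()
    while True:
        # Ask for one byte past the remaining budget so an overrun is detected.
        part = resp.read(min(chunk, max_bytes - len(buf) + 1))
        if not part:
            return bytes(buf)
        buf += part
        if len(buf) > max_bytes:
            raise ValueError(f"body exceeds cap {max_bytes}")

# Constructed responses: honest, oversized Content-Length, and no length at all.
SMALL = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"
HUGE_HEADER = b"HTTP/1.1 200 OK\r\nContent-Length: 10000000000\r\n\r\n" + b"x" * 100
NO_LENGTH = b"HTTP/1.1 200 OK\r\nConnection: close\r\n\r\n" + b"y" * 3000

def outcome(raw: bytes, max_bytes: int = 1024):
    """Return the body, or the string 'rejected' if the cap tripped."""
    try:
        return read_bounded(parse_response(raw), max_bytes)
    except ValueError:
        return "rejected"
```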

Weakness Enumeration: DoS, Out of bounds Read, Resource Exhaustion

Related Identifiers

ALSA-2026:1374
ALSA-2026:1408
ALSA-2026:1410
ALSA-2026:1828
ALSA-2026:2419
AZL-71264
BDU:2026-05127
BIT-LIBPYTHON-2025-13836
BIT-PYTHON-2025-13836
BIT-PYTHON-MIN-2025-13836
CVE-2025-13836
ECHO-F3FC-AD65-9711
MGASA-2025-0324
OESA-2026-1052
OESA-2026-1053
OESA-2026-1054
OESA-2026-1055
OESA-2026-1056
OESA-2026-1057
OPENSUSE-SU-2025:15839-1
OPENSUSE-SU-2025:15840-1
OPENSUSE-SU-2025:15846-1
OPENSUSE-SU-2025:15849-1
OPENSUSE-SU-2025:15850-1
OPENSUSE-SU-2025:15851-1
OPENSUSE-SU-2026:10011-1
OPENSUSE-SU-2026:10389-1
OPENSUSE-SU-2026:20081-1
OPENSUSE-SU-2026:20412-1
PSF-2025-14
RHSA-2026:1374
RHSA-2026:1408
RHSA-2026:1410
RHSA-2026:1828
RHSA-2026:1892
RHSA-2026:1893
RHSA-2026:1922
RHSA-2026:2084
RHSA-2026:2233
RHSA-2026:2419
RHSA-2026:3897
RHSA-2026:3900
RHSA-2026:7443
RHSA-2026:7661
RHSA-2026:8822
RHSA-2026:8824
SUSE-SU-2025:4522-1
SUSE-SU-2025:4538-1
SUSE-SU-2025:4539-1
SUSE-SU-2026:0024-1
SUSE-SU-2026:0025-1
SUSE-SU-2026:0027-1
SUSE-SU-2026:0130-1
SUSE-SU-2026:0133-1
SUSE-SU-2026:0268-1
SUSE-SU-2026:0299-1
SUSE-SU-2026:0314-1
SUSE-SU-2026:1012-1
SUSE-SU-2026:1014-1
SUSE-SU-2026:1026-1
SUSE-SU-2026:1027-1
SUSE-SU-2026:1028-1
SUSE-SU-2026:1029-1
SUSE-SU-2026:1030-1
SUSE-SU-2026:1062-1
SUSE-SU-2026:1107-1
SUSE-SU-2026:1117-1
SUSE-SU-2026:1349-1
SUSE-SU-2026:20047-1
SUSE-SU-2026:20125-1
SUSE-SU-2026:20154-1
SUSE-SU-2026:20374-1
SUSE-SU-2026:20768-1
SUSE-SU-2026:20796-1
SUSE-SU-2026:20820-1
SUSE-SU-2026:20825-1
USN-7951-1

Affected Products

Debian
Http
Linuxmint
Red Os
Rocky Linux
Ubuntu