CVE-2025-13836

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-13836

Severity

7.5

High

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Description

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-13836
https://github.com/advisories/GHSA-399h-rrqc-rpgv
https://mail.python.org/archives/list/security-announce@python.org/thread/OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO/
https://github.com/python/cpython/issues/119451
https://github.com/python/cpython/pull/119454
https://github.com/python/cpython/commit/14b1fdb0a94b96f86fc7b86671ea9582b8676628
https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15
https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155
https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5
https://github.com/python/cpython/commit/5dc101675fd22918facbbe0fecdc821502beaaf0
https://github.com/python/cpython/commit/afc40bdd3dd71f343fd9016f6d8eebbacbd6587c

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2025-13836

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company