CVE-2025-13836
Excessive read buffering DoS in http.client
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.
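A client-side mitigation for the behaviour described above, as an added example that is not code from CPython or from this advisory: the body is read in bounded chunks with an explicit amount on every `read()` call, and the response is rejected once it is declared or observed to exceed a cap. `LIMIT`, `read_capped`, `ResponseTooLarge`, `FakeSocket` and the sample responses are assumptions constructed for the illustration.

```python
import http.client
import io

LIMIT = 64 * 1024  # assumed application cap on response body size, in bytes

class ResponseTooLarge(Exception):
    """Raised when a body is declared or observed to exceed the cap."""

def read_capped(resp, limit=LIMIT, chunk=16 * 1024):
    """Read an HTTPResponse body in bounded chunks instead of resp.read()."""
    declared = resp.getheader("Content-Length")
    if declared and declared.isdigit() and int(declared) > limit:
        raise ResponseTooLarge(f"server declared {declared} bytes")
    body = bytearray()
    while True:
        # Always pass an explicit amount; request at most one byte past the cap.
        part = resp.read(min(chunk, limit + 1 - len(body)))
        if not part:
            return bytes(body)
        body += part
        if len(body) > limit:
            raise ResponseTooLarge(f"body exceeded {limit} bytes")

class FakeSocket:
    """Constructed stand-in for a server connection, so the demo runs offline."""
    def __init__(self, raw):
        self.raw = raw
    def makefile(self, mode, *args, **kwargs):
        return io.BytesIO(self.raw)

def response_from(raw):
    resp = http.client.HTTPResponse(FakeSocket(raw))
    resp.begin()  # parse status line and headers only
    return resp

# Constructed sample responses.
HONEST = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"
HUGE = b"HTTP/1.1 200 OK\r\nContent-Length: 1000000000000\r\n\r\n"
NO_LENGTH = b"HTTP/1.0 200 OK\r\n\r\n" + b"A" * 100

if __name__ == "__main__":
    print(read_capped(response_from(HONEST)))
    for raw, lim in ((HUGE, LIMIT), (NO_LENGTH, 50)):
        try:
            read_capped(response_from(raw), lim)
        except ResponseTooLarge as exc:
            print("rejected:", exc)
```

With a real connection the call is `read_capped(conn.getresponse())`; the cap on the running total matters because a response without `Content-Length` never trips the header check.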
| Vendor | python software foundation |
| Product | cpython |
| Published | Dec 1, 2025 |
| Last Updated | Mar 3, 2026 |
Affected Versions
Python Software Foundation / CPython
- 0 < 3.10.20
- 3.11.0 < 3.11.15
- 3.12.0 < 3.12.13
- 3.13.0 < 3.13.11
- 3.14.0 < 3.14.1
- 3.15.0a1 < 3.15.0a3
References
- github.com: https://github.com/python/cpython/issues/119451
- github.com: https://github.com/python/cpython/pull/119454
- github.com: https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155
- github.com: https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5
- mail.python.org: https://mail.python.org/archives/list/[email protected]/thread/OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO/
- github.com: https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15
- github.com: https://github.com/python/cpython/commit/14b1fdb0a94b96f86fc7b86671ea9582b8676628
- github.com: https://github.com/python/cpython/commit/5dc101675fd22918facbbe0fecdc821502beaaf0
- github.com: https://github.com/python/cpython/commit/afc40bdd3dd71f343fd9016f6d8eebbacbd6587c