Skip to main content

CVE-2025-13836

| EUVDEUVD-2025-200070 MEDIUM
Uncontrolled Resource Consumption (CWE-400)
2025-12-01 cna@python.org
6.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Ubuntu
MEDIUM
qualitative
SUSE
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Red Hat
6.8 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

6
Severity Changed
May 18, 2026 - 17:07 NVD
HIGH MEDIUM
CVSS changed
May 18, 2026 - 17:07 NVD
7.5 (HIGH) 6.3 (MEDIUM)
EUVD ID Assigned
Mar 15, 2026 - 13:34 euvd
EUVD-2025-200070
Analysis Generated
Mar 15, 2026 - 13:34 vuln.today
Patch released
Mar 15, 2026 - 13:34 nvd
Patch available
CVE Published
Dec 01, 2025 - 18:16 nvd
HIGH 7.5

DescriptionCVE.org

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.

Analysis

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.

Vendor StatusVendor

Ubuntu

Priority: Medium
python3.8
Release Status Version
bionic released 3.8.0-3ubuntu1~18.04.2+esm8
jammy DNE -
noble DNE -
plucky DNE -
questing DNE -
upstream needs-triage -
focal released 3.8.10-0ubuntu1~20.04.18+esm4
python2.7
Release Status Version
noble DNE -
plucky DNE -
questing DNE -
upstream needs-triage -
xenial not-affected 2.7.12-1ubuntu0~16.04.18+esm18
bionic not-affected 2.7.17-1~18.04ubuntu1.13+esm13
focal not-affected 2.7.18-1~20.04.7+esm8
jammy not-affected 2.7.18-13ubuntu1.5
trusty not-affected 2.7.6-8ubuntu0.6+esm28
python3.4
Release Status Version
jammy DNE -
noble DNE -
plucky DNE -
questing DNE -
upstream needs-triage -
trusty not-affected 3.4.3-1ubuntu1~14.04.7+esm17
python3.5
Release Status Version
jammy DNE -
noble DNE -
plucky DNE -
questing DNE -
upstream needs-triage -
xenial not-affected 3.5.2-2ubuntu0~16.04.13+esm20
trusty not-affected 3.5.2-2ubuntu0~16.04.4~14.04.1+esm8
python3.6
Release Status Version
jammy DNE -
noble DNE -
plucky DNE -
questing DNE -
upstream needs-triage -
bionic not-affected 3.6.9-1~18.04ubuntu1.13+esm7
python3.7
Release Status Version
jammy DNE -
noble DNE -
plucky DNE -
questing DNE -
upstream needs-triage -
bionic not-affected 3.7.5-2ubuntu1~18.04.2+esm8
python3.9
Release Status Version
jammy DNE -
noble DNE -
plucky DNE -
questing DNE -
upstream needs-triage -
focal released 3.9.5-3ubuntu0~20.04.1+esm8
python3.10
Release Status Version
noble DNE -
plucky DNE -
questing DNE -
upstream needs-triage -
jammy released 3.10.12-1~22.04.13
python3.11
Release Status Version
noble DNE -
plucky DNE -
questing DNE -
upstream needs-triage -
jammy released 3.11.0~rc1-1~22.04.1~esm7
python3.12
Release Status Version
jammy DNE -
plucky DNE -
questing DNE -
upstream needs-triage -
noble released 3.12.3-1ubuntu0.10
python3.13
Release Status Version
jammy DNE -
noble DNE -
upstream needs-triage -
plucky released 3.13.3-1ubuntu0.5
questing released 3.13.7-1ubuntu0.2
python3.14
Release Status Version
jammy DNE -
noble DNE -
plucky DNE -
upstream needs-triage -
questing released 3.14.0-1ubuntu0.1

Debian

Bug #1126783
pypy3
Release Status Fixed Version Urgency
bullseye not-affected - -
bullseye (security) fixed 7.3.5+dfsg-2+deb11u5 -
bookworm vulnerable 7.3.11+dfsg-2+deb12u3 -
trixie vulnerable 7.3.19+dfsg-2 -
forky, sid vulnerable 7.3.20+dfsg-4 -
(unstable) fixed (unfixed) -
python3.11
Release Status Fixed Version Urgency
bookworm vulnerable 3.11.2-6+deb12u6 -
bookworm (security) vulnerable 3.11.2-6+deb12u3 -
(unstable) fixed (unfixed) -
python3.13
Release Status Fixed Version Urgency
trixie vulnerable 3.13.5-2 -
forky, sid fixed 3.13.12-1 -
(unstable) fixed 3.13.11-1 -
python3.14
Release Status Fixed Version Urgency
forky fixed 3.14.3-1 -
sid fixed 3.14.3-2 -
(unstable) fixed 3.14.2-1 -
python3.9
Release Status Fixed Version Urgency
bullseye fixed 3.9.2-1+deb11u4 -
bullseye (security) fixed 3.9.2-1+deb11u5 -
(unstable) fixed (unfixed) -

SUSE

Severity: High
Product Status
Container suse/manager/4.3/proxy-httpd:4.3.16.2.9.73.6 Container suse/manager/4.3/proxy-salt-broker:4.3.16.2.9.63.6 Container suse/manager/4.3/proxy-ssh:4.3.16.2.9.63.5 Container suse/manager/4.3/proxy-tftpd:4.3.16.2.9.63.5 Container suse/manager/5.0/x86_64/proxy-httpd:latest Container suse/manager/5.0/x86_64/proxy-salt-broker:latest Container suse/manager/5.0/x86_64/proxy-ssh:latest Container suse/manager/5.0/x86_64/proxy-tftpd:latest Container suse/multi-linux-manager/5.1/x86_64/proxy-squid:5.1.2.8.13.1 Container suse/multi-linux-manager/5.1/x86_64/proxy-ssh:5.1.2.8.13.1 Container suse/multi-linux-manager/5.1/x86_64/proxy-tftpd:5.1.2.8.13.1 Image SLES15-SP4-Micro-5-3-BYOS Image SLES15-SP4-Micro-5-3-BYOS-Azure Image SLES15-SP4-Micro-5-4-BYOS Image SLES15-SP4-Micro-5-4-BYOS-Azure Image SLES15-SP5-Micro-5-5 Image SLES15-SP5-Micro-5-5-Azure Image SLES15-SP5-Micro-5-5-BYOS Image SLES15-SP5-Micro-5-5-BYOS-Azure Image SLES15-SP5-Micro-5-5-EC2 Image SLES15-SP6-CHOST-BYOS Image SLES15-SP6-CHOST-BYOS-Aliyun Image SLES15-SP6-CHOST-BYOS-Azure Image SLES15-SP6-CHOST-BYOS-EC2 Image SLES15-SP6-CHOST-BYOS-GDC Image SLES15-SP6-CHOST-BYOS-SAP-CCloud Image SLES15-SP7-CHOST-BYOS-Aliyun Image SLES15-SP7-CHOST-BYOS-Azure Image SLES15-SP7-CHOST-BYOS-EC2 Image SLES15-SP7-CHOST-BYOS-GDC Image SLES15-SP7-CHOST-BYOS-SAP-CCloud Image proxy-httpd-image Image proxy-squid-image Image proxy-ssh-image Image proxy-tftpd-image Affected
Container suse/manager/5.0/x86_64/server-migration-14-16:latest Container suse/multi-linux-manager/5.1/x86_64/server-migration-14-16:5.1.2.8.13.1 Container suse/sle-micro-rancher/5.2:latest Container suse/sle-micro/5.2/toolbox:14.2-7.11.218 Image SLES15-SP6-CHOST-BYOS-GCE Image SLES15-SP7-CHOST-BYOS-GCE Image server-database-migration-image Image server-migration-14-16-image Affected
Container suse/manager/5.0/x86_64/server:latest Image SLES15-SP4-BYOS-Azure Image SLES15-SP4-BYOS-GCE Image SLES15-SP4-HPC-BYOS-Azure Image SLES15-SP4-HPC-BYOS-GCE Image SLES15-SP4-HPC-GCE Image SLES15-SP4-Hardened-BYOS-Azure Image SLES15-SP4-Hardened-BYOS-GCE Image SLES15-SP4-Manager-Server-4-3-BYOS Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE Image SLES15-SP4-SAP-Azure Image SLES15-SP4-SAP-Azure-LI-BYOS Image SLES15-SP4-SAP-Azure-LI-BYOS-Production Image SLES15-SP4-SAP-Azure-VLI-BYOS Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production Image SLES15-SP4-SAP-BYOS-Azure Image SLES15-SP4-SAP-BYOS-GCE Image SLES15-SP4-SAP-GCE Image SLES15-SP4-SAP-Hardened Image SLES15-SP4-SAP-Hardened-Azure Image SLES15-SP4-SAP-Hardened-BYOS-Azure Image SLES15-SP4-SAP-Hardened-BYOS-GCE Image SLES15-SP4-SAP-Hardened-GCE Image SLES15-SP4-SAPCAL-Azure Image SLES15-SP4-SAPCAL-GCE Image SLES15-SP5-Azure-3P Image SLES15-SP5-Azure-Basic Image SLES15-SP5-Azure-Standard Image SLES15-SP5-BYOS-Azure Image SLES15-SP5-BYOS-GCE Image SLES15-SP5-GCE Image SLES15-SP5-HPC-Azure Image SLES15-SP5-HPC-BYOS-Azure Image SLES15-SP5-HPC-BYOS-GCE Image SLES15-SP5-Hardened-BYOS-Azure Image SLES15-SP5-Hardened-BYOS-GCE Image SLES15-SP5-SAP-Azure-3P Image SLES15-SP5-SAP-BYOS-Azure Image SLES15-SP5-SAP-BYOS-GCE Image SLES15-SP5-SAP-Hardened-Azure Image SLES15-SP5-SAP-Hardened-BYOS-Azure Image SLES15-SP5-SAP-Hardened-BYOS-GCE Image SLES15-SP5-SAP-Hardened-GCE Image SLES15-SP5-SAPCAL-Azure Image SLES15-SP5-SAPCAL-GCE Image SLES15-SP6-BYOS-GCE Image SLES15-SP6-GCE Image SLES15-SP6-HPC-BYOS-GCE Image SLES15-SP6-HPC-GCE Image SLES15-SP6-Hardened-BYOS-GCE Image SLES15-SP6-SAP Image SLES15-SP6-SAP-Azure-LI-BYOS Image SLES15-SP6-SAP-Azure-LI-BYOS-Production Image SLES15-SP6-SAP-Azure-VLI-BYOS Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production Image SLES15-SP6-SAP-BYOS-GCE Image SLES15-SP6-SAP-GCE Image SLES15-SP6-SAP-Hardened Image SLES15-SP6-SAP-Hardened-BYOS-GCE Image SLES15-SP6-SAP-Hardened-GCE Image SLES15-SP6-SAPCAL Image SLES15-SP6-SAPCAL-GCE Image SLES15-SP7-GCE Image SLES15-SP7-GCE-3P Image SLES15-SP7-SAP-GCE Image SLES15-SP7-SAP-GCE-3P Image SLES15-SP7-SAP-Hardened-GCE Image SLES15-SP7-SAPCAL-GCE Affected
Container suse/multi-linux-manager/5.1/x86_64/proxy-httpd:5.1.2.8.15.2 Affected
Container suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker:5.1.2.9.13.2 Affected

Share

CVE-2025-13836 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy