How to fix EUVD-2025-200070?

Within 24 hours: inventory all systems and applications affected by this vulnerability and assess internet exposure. Within 7 days: apply available vendor patches to all vulnerable instances and validate in non-production environments. Within 30 days: complete patch deployment across all production systems and confirm remediation through security scanning.

Is Ubuntu affected by EUVD-2025-200070?

CVE-2025-13836 allows malicious servers to exhaust client memory resources, potentially disrupting service availability for applications that consume HTTP responses. Organizations with internet-facing or third-party-connected systems should prioritize patching to prevent denial-of-service attacks.

EUVD-2025-200070

| CVE-2025-13836 HIGH

2025-12-01 [email protected]

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 15, 2026 - 13:34 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 13:34 euvd

EUVD-2025-200070

Patch Released

Mar 15, 2026 - 13:34 nvd

Patch available

CVE Published

Dec 01, 2025 - 18:16 nvd

HIGH 7.5

Description

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.

Analysis

Technical Context

A denial of service vulnerability allows an attacker to disrupt the normal functioning of a system, making it unavailable to legitimate users. This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400).

Affected Products

Affected products: Python Python

Remediation

A vendor patch is available — apply it immediately. Implement rate limiting and input validation. Use timeout mechanisms for resource-intensive operations. Deploy DDoS protection where applicable.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.2

CVSS: +38

POC: 0

Vendor Status

Ubuntu

Priority: Medium

python3.8

Release	Status	Version
bionic	released	3.8.0-3ubuntu1~18.04.2+esm8
jammy	DNE	-
noble	DNE	-
plucky	DNE	-
questing	DNE	-
upstream	needs-triage	-
focal	released	3.8.10-0ubuntu1~20.04.18+esm4

python2.7

Release	Status	Version
noble	DNE	-
plucky	DNE	-
questing	DNE	-
upstream	needs-triage	-
xenial	not-affected	2.7.12-1ubuntu0~16.04.18+esm18
bionic	not-affected	2.7.17-1~18.04ubuntu1.13+esm13
focal	not-affected	2.7.18-1~20.04.7+esm8
jammy	not-affected	2.7.18-13ubuntu1.5
trusty	not-affected	2.7.6-8ubuntu0.6+esm28

python3.4

Release	Status	Version
jammy	DNE	-
noble	DNE	-
plucky	DNE	-
questing	DNE	-
upstream	needs-triage	-
trusty	not-affected	3.4.3-1ubuntu1~14.04.7+esm17

python3.5

Release	Status	Version
jammy	DNE	-
noble	DNE	-
plucky	DNE	-
questing	DNE	-
upstream	needs-triage	-
xenial	not-affected	3.5.2-2ubuntu0~16.04.13+esm20
trusty	not-affected	3.5.2-2ubuntu0~16.04.4~14.04.1+esm8

python3.6

Release	Status	Version
jammy	DNE	-
noble	DNE	-
plucky	DNE	-
questing	DNE	-
upstream	needs-triage	-
bionic	not-affected	3.6.9-1~18.04ubuntu1.13+esm7

python3.7

Release	Status	Version
jammy	DNE	-
noble	DNE	-
plucky	DNE	-
questing	DNE	-
upstream	needs-triage	-
bionic	not-affected	3.7.5-2ubuntu1~18.04.2+esm8

python3.9

Release	Status	Version
jammy	DNE	-
noble	DNE	-
plucky	DNE	-
questing	DNE	-
upstream	needs-triage	-
focal	released	3.9.5-3ubuntu0~20.04.1+esm8

python3.10

Release	Status	Version
noble	DNE	-
plucky	DNE	-
questing	DNE	-
upstream	needs-triage	-
jammy	released	3.10.12-1~22.04.13

python3.11

Release	Status	Version
noble	DNE	-
plucky	DNE	-
questing	DNE	-
upstream	needs-triage	-
jammy	released	3.11.0~rc1-1~22.04.1~esm7

python3.12

Release	Status	Version
jammy	DNE	-
plucky	DNE	-
questing	DNE	-
upstream	needs-triage	-
noble	released	3.12.3-1ubuntu0.10

python3.13

Release	Status	Version
jammy	DNE	-
noble	DNE	-
upstream	needs-triage	-
plucky	released	3.13.3-1ubuntu0.5
questing	released	3.13.7-1ubuntu0.2

python3.14

Release	Status	Version
jammy	DNE	-
noble	DNE	-
plucky	DNE	-
upstream	needs-triage	-
questing	released	3.14.0-1ubuntu0.1

USN-7951-1

Debian

Bug #1126783

pypy3

Release	Status	Fixed Version	Urgency
bullseye	not-affected	-	-
bullseye (security)	fixed	7.3.5+dfsg-2+deb11u5	-
bookworm	vulnerable	7.3.11+dfsg-2+deb12u3	-
trixie	vulnerable	7.3.19+dfsg-2	-
forky, sid	vulnerable	7.3.20+dfsg-4	-
(unstable)	fixed	(unfixed)	-

python3.11

Release	Status	Fixed Version	Urgency
bookworm	vulnerable	3.11.2-6+deb12u6	-
bookworm (security)	vulnerable	3.11.2-6+deb12u3	-
(unstable)	fixed	(unfixed)	-

python3.13

Release	Status	Fixed Version	Urgency
trixie	vulnerable	3.13.5-2	-
forky, sid	fixed	3.13.12-1	-
(unstable)	fixed	3.13.11-1	-

python3.14

Release	Status	Fixed Version	Urgency
forky	fixed	3.14.3-1	-
sid	fixed	3.14.3-2	-
(unstable)	fixed	3.14.2-1	-

python3.9

Release	Status	Fixed Version	Urgency
bullseye	fixed	3.9.2-1+deb11u4	-
bullseye (security)	fixed	3.9.2-1+deb11u5	-
(unstable)	fixed	(unfixed)	-

DLA-4445-1

EUVD-2025-200070 vulnerability details – vuln.today

Back

EUVD-2025-200070

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

EUVD-2025-200070

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code