AZL-71264

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-71264.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-71264

Upstream

CVE-2025-13836

Published

2025-12-01T18:16:04Z

Modified

2026-04-01T05:22:31.351596Z

Summary

CVE-2025-13836 affecting package python3 for versions less than 3.12.9-7

Details

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-13836

Affected packages

Azure Linux:3 / python3

Package

Name: python3
Purl: pkg:rpm/azure-linux/python3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.12.9-7

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-71264.json"