Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-71846.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-71846
Upstream
Published
2025-12-05T16:15:51Z
Modified
2026-04-01T05:22:06.175381Z
Summary
CVE-2025-66418 affecting package python-urllib3 for versions less than 1.26.19-3
Details

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps, leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.

References

Affected packages

Azure Linux:2 / python-urllib3

Package

Name
python-urllib3
Purl
pkg:rpm/azure-linux/python-urllib3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.26.19-3

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-71846.json"