CVE-2025-13836

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-13836

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-13836.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-13836

Aliases

Downstream

AZL-71264

BELL-CVE-2025-13836

CLSA-2026-1768412660

CLSA-2026-1768480470

CLSA-els_os-almalinux9.2fips-2026:1768480470

DEBIAN-CVE-2025-13836

DLA-4445-1

ECHO-f3fc-ad65-9711

MGASA-2025-0324

MINI-2g48-5p3q-f6fj

MINI-c9q9-8442-rf8x

MINI-f8jp-r88j-8rfj

MINI-r259-ggrx-8x6c

MINI-vmg4-g3vv-jfq4

OESA-2026-1052

OESA-2026-1053

OESA-2026-1054

OESA-2026-1055

OESA-2026-1056

OESA-2026-1057

RHSA-2026:1374

RHSA-2026:1408

RHSA-2026:1410

RHSA-2026:1828

RHSA-2026:1892

RHSA-2026:1893

RHSA-2026:1922

RHSA-2026:2084

RHSA-2026:2233

RHSA-2026:2419

RHSA-2026:3897

RHSA-2026:3900

RHSA-2026:7443

RHSA-2026:7661

RHSA-2026:8822

RHSA-2026:8824

RLSA-2026:1374

RLSA-2026:1408

RLSA-2026:1410

RLSA-2026:1828

RLSA-2026:2419

ROOT-OS-DEBIAN-12-CVE-2025-13836

ROOT-OS-DEBIAN-13-CVE-2025-13836

SUSE-SU-2025:4522-1

SUSE-SU-2025:4538-1

SUSE-SU-2025:4539-1

SUSE-SU-2026:0024-1

SUSE-SU-2026:0025-1

SUSE-SU-2026:0027-1

SUSE-SU-2026:0130-1

SUSE-SU-2026:0133-1

SUSE-SU-2026:0268-1

SUSE-SU-2026:0299-1

SUSE-SU-2026:0314-1

SUSE-SU-2026:1012-1

SUSE-SU-2026:1014-1

SUSE-SU-2026:1026-1

SUSE-SU-2026:1027-1

SUSE-SU-2026:1028-1

SUSE-SU-2026:1029-1

SUSE-SU-2026:1030-1

SUSE-SU-2026:1062-1

SUSE-SU-2026:1107-1

SUSE-SU-2026:1117-1

SUSE-SU-2026:1349-1

SUSE-SU-2026:20047-1

SUSE-SU-2026:20125-1

SUSE-SU-2026:20154-1

SUSE-SU-2026:20374-1

SUSE-SU-2026:20768-1

SUSE-SU-2026:20796-1

SUSE-SU-2026:20820-1

SUSE-SU-2026:20825-1

UBUNTU-CVE-2025-13836

USN-7951-1

openSUSE-SU-2025:15839-1

openSUSE-SU-2025:15840-1

openSUSE-SU-2025:15846-1

openSUSE-SU-2025:15849-1

openSUSE-SU-2025:15850-1

openSUSE-SU-2025:15851-1

openSUSE-SU-2026:10011-1

openSUSE-SU-2026:10389-1

openSUSE-SU-2026:20081-1

openSUSE-SU-2026:20412-1

Related

Published

2025-12-01T18:02:38.483Z

Modified

2026-06-03T04:02:46.163410611Z

Severity

6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L CVSS Calculator

Summary

Excessive read buffering DoS in http.client

Details

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/13xxx/CVE-2025-13836.json",
    "cna_assigner": "PSF"
}

References

Affected packages

Git / github.com/python/cpython

Affected ranges

Type: GIT
Repo: https://github.com/python/cpython
Events: Introduced

f31a89bb901067dd105b00cfa90523cf7ffdbbdd

Fixed

f1eb0c0b0cd6ad24f3126e1df093aeb5845d6a88

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-13836.json"