{
  "threat_severity" : "Moderate",
  "public_date" : "2025-12-01T18:02:38Z",
  "bugzilla" : {
    "description" : "cpython: Excessive read buffering DoS in http.client",
    "id" : "2418078",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2418078"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-770",
  "details" : [ "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.", "A flaw was found in the http.client module in the Python standard library. When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This issue allows a malicious server to cause the client to read large amounts of data into memory, potentially causing memory allocation errors, swapping, out-of-memory conditions, or even system freezes." ],
  "statement" : "This issue can only be exploited by Python applications using the http.client.HTTPResponse.read function without the amount parameter, which specifies the read size in bytes. Note that Python libraries may use this function internally and make applications vulnerable. Additionally, vulnerable Python applications must connect to a malicious or compromised server that replies with a very large or crafted Content-Length header to trigger this issue, limiting the exposure of this vulnerability.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-02-03T00:00:00Z",
    "advisory" : "RHSA-2026:1828",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "python3.12-0:3.12.12-3.el10_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "release_date" : "2026-02-09T00:00:00Z",
    "advisory" : "RHSA-2026:2233",
    "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0",
    "package" : "python3.12-0:3.12.9-2.el10_0.6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-01-27T00:00:00Z",
    "advisory" : "RHSA-2026:1374",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "python3.11-0:3.11.13-4.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-02-10T00:00:00Z",
    "advisory" : "RHSA-2026:2419",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "python3.12-0:3.12.12-2.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
    "release_date" : "2026-02-05T00:00:00Z",
    "advisory" : "RHSA-2026:2084",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.8",
    "package" : "python3.11-0:3.11.2-2.el8_8.7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
    "release_date" : "2026-02-05T00:00:00Z",
    "advisory" : "RHSA-2026:2084",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.8",
    "package" : "python3.11-0:3.11.2-2.el8_8.7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-01-27T00:00:00Z",
    "advisory" : "RHSA-2026:1408",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "python3.12-0:3.12.12-4.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-01-27T00:00:00Z",
    "advisory" : "RHSA-2026:1410",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "python3.11-0:3.11.13-5.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2026-02-04T00:00:00Z",
    "advisory" : "RHSA-2026:1922",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "python3.11-0:3.11.2-2.el9_2.9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2026-02-04T00:00:00Z",
    "advisory" : "RHSA-2026:1893",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "python3.11-0:3.11.7-1.el9_4.10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2026-03-05T00:00:00Z",
    "advisory" : "RHSA-2026:3897",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "python3.12-0:3.12.1-4.el9_4.10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-02-04T00:00:00Z",
    "advisory" : "RHSA-2026:1892",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "python3.11-0:3.11.11-2.el9_6.4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-03-05T00:00:00Z",
    "advisory" : "RHSA-2026:3900",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "python3.12-0:3.12.9-1.el9_6.5"
  }, {
    "product_name" : "Red Hat Discovery 2",
    "release_date" : "2026-02-02T00:00:00Z",
    "advisory" : "RHSA-2026:1736",
    "cpe" : "cpe:/a:redhat:discovery:2::el9",
    "package" : "discovery/discovery-server-rhel9:sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8"
  }, {
    "product_name" : "Red Hat Update Infrastructure 5",
    "release_date" : "2026-02-11T00:00:00Z",
    "advisory" : "RHSA-2026:2563",
    "cpe" : "cpe:/a:redhat:rhui:5::el9",
    "package" : "rhui5/installer-rhel9:sha256:48cf7cf48dfadb17f9357bf1894a5d0393551a893faa8b0ea0e11fe1ffed497f"
  }, {
    "product_name" : "Red Hat Update Infrastructure 5",
    "release_date" : "2026-02-11T00:00:00Z",
    "advisory" : "RHSA-2026:2563",
    "cpe" : "cpe:/a:redhat:rhui:5::el9",
    "package" : "rhui5/rhua-rhel9:sha256:df709663b581b740006c6ea4b297978932874eade1563c3952e0594e926aa5f8"
  }, {
    "product_name" : "Red Hat Update Infrastructure 5",
    "release_date" : "2026-03-18T00:00:00Z",
    "advisory" : "RHSA-2026:4943",
    "cpe" : "cpe:/a:redhat:rhui:5::el9",
    "package" : "rhui5/cds-rhel9:sha256:200c27e9b396276bd505c6b41127ac5eb1d94d620172cb818ae733f2a21ac524"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "python",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "python",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "python3",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "python3",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "python36:3.6/python36",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "python39-devel:3.9/python39",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "python3.9",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/bootc-amd-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/bootc-aws-nvidia-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/bootc-azure-amd-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/bootc-azure-nvidia-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/bootc-gcp-nvidia-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/bootc-nvidia-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Affected",
    "package_name" : "rhelai3/bootc-aws-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Affected",
    "package_name" : "rhelai3/bootc-azure-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Affected",
    "package_name" : "rhelai3/bootc-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Affected",
    "package_name" : "rhelai3/bootc-gcp-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift Dev Spaces",
    "fix_state" : "Not affected",
    "package_name" : "devspaces/code-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_devspaces:3"
  }, {
    "product_name" : "Red Hat OpenShift Dev Spaces",
    "fix_state" : "Affected",
    "package_name" : "devspaces/pluginregistry-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_devspaces:3"
  }, {
    "product_name" : "Red Hat OpenShift Dev Spaces",
    "fix_state" : "Not affected",
    "package_name" : "devspaces-tech-preview/idea-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_devspaces:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-13836\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-13836\nhttps://github.com/python/cpython/issues/119451\nhttps://github.com/python/cpython/pull/119454" ],
  "name" : "CVE-2025-13836",
  "mitigation" : {
    "value" : "Since this vulnerability is triggered when no read amount is specified and the client defaults to using the potentially malicious Content-Length header, developers can mitigate this issue in their code by always imposing an explicit, safe limit on data reads.\nApplications using the http.client.HTTPResponse.read function directly can ensure that read operations specify a byte limit:\n~~~\n...\nmax_safe_read = 10 * 1024 * 1024\ndata = response.read(max_safe_read)\n...\n~~~\nNote that read(amt) returns at most amt bytes per call, so code that loops until the response body is exhausted must also cap the total number of bytes accumulated across calls.",
    "lang" : "en:us"
  },
  "csaw" : false
}