Описание
When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| python3.14 | fixed | 3.14.2-1 | package | |
| python3.13 | fixed | 3.13.11-1 | package | |
| python3.13 | no-dsa | trixie | package | |
| python3.11 | removed | package | ||
| python3.11 | no-dsa | bookworm | package | |
| python3.9 | removed | package | ||
| pypy3 | unfixed | package | ||
| pypy3 | no-dsa | trixie | package | |
| pypy3 | no-dsa | bookworm | package | |
| pypy3 | not-affected | bullseye | package |
Примечания
https://github.com/python/cpython/issues/119451
https://github.com/python/cpython/pull/119454
https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5 (main)
https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155 (v3.14.1)
https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15 (v3.13.11)
Introduced by: https://github.com/python/cpython/commit/d6bf6f2d0c83f0c64ce86e7b9340278627798090 (v3.8.0a4)
but reverted for branch 3.9 (only): https://github.com/python/cpython/commit/153365d864c411f6fb523efa752ccb3497d815ca (v3.9.7)
Связанные уязвимости
When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.
When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.
When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.
