Описание
When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.
A flaw was found in the http.client module in the Python standard library. When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This issue allows a malicious server to cause the client to read large amounts of data into memory, potentially causing memory allocations errors, swapping, out-of-memory conditions or even system freezes.
Отчет
This issue can only be exploited by Python applications using the http.client.HTTPResponse.read function without the amount parameter, which specifies the read size in bytes. Note that Python libraries may use this function internally and make applications vulnerable. Additionally, vulnerable Python applications must connect to a malicious or compromised server that replies with a very large or crafted Content-Length header to trigger this issue, limiting the exposure of this vulnerability.
Меры по смягчению последствий
Since this vulnerability is triggered when no read amount is specified and the client defaults to using the potentially malicious Content-Length header, developers can mitigate this issue in their code by always imposing an explicit, safe limit on data reads. Applications using the http.client.HTTPResponse.read function directly can ensure that read operations specify a byte limit:
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | firefox | Not affected | ||
| Red Hat Enterprise Linux 6 | python | Not affected | ||
| Red Hat Enterprise Linux 7 | firefox | Not affected | ||
| Red Hat Enterprise Linux 7 | python | Not affected | ||
| Red Hat Enterprise Linux 7 | python3 | Not affected | ||
| Red Hat Enterprise Linux 8 | firefox | Not affected | ||
| Red Hat Enterprise Linux 8 | python3 | Not affected | ||
| Red Hat Enterprise Linux 8 | python36:3.6/python36 | Not affected | ||
| Red Hat Enterprise Linux 8 | python39-devel:3.9/python39 | Not affected | ||
| Red Hat Enterprise Linux 9 | firefox | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
6.8 Medium
CVSS3
Связанные уязвимости
When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.
When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.
When reading an HTTP response from a server, if no read amount is spec ...
EPSS
6.8 Medium
CVSS3