Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2025-13836

Опубликовано: 01 дек. 2025
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 9.1

Описание

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.

РелизСтатусПримечание
devel

DNE

esm-apps/focal

not-affected

2.7.18-1~20.04.7+esm8
esm-apps/jammy

not-affected

2.7.18-13ubuntu1.5+esm7
esm-infra-legacy/trusty

not-affected

2.7.6-8ubuntu0.6+esm28
esm-infra/bionic

not-affected

2.7.17-1~18.04ubuntu1.13+esm13
esm-infra/xenial

not-affected

2.7.12-1ubuntu0~16.04.18+esm18
jammy

not-affected

2.7.18-13ubuntu1.5
noble

DNE

plucky

DNE

questing

DNE

Показывать по

РелизСтатусПримечание
devel

DNE

jammy

released

3.10.12-1~22.04.13
noble

DNE

plucky

DNE

questing

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/jammy

released

3.11.0~rc1-1~22.04.1~esm7
jammy

needed

noble

DNE

plucky

DNE

questing

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

jammy

DNE

noble

released

3.12.3-1ubuntu0.10
plucky

DNE

questing

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

not-affected

3.13.11-1
jammy

DNE

noble

DNE

plucky

released

3.13.3-1ubuntu0.5
questing

released

3.13.7-1ubuntu0.2
upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

not-affected

3.14.2-1
jammy

DNE

noble

DNE

plucky

DNE

questing

released

3.14.0-1ubuntu0.1
upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra-legacy/trusty

not-affected

3.4.3-1ubuntu1~14.04.7+esm17
jammy

DNE

noble

DNE

plucky

DNE

questing

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra-legacy/trusty

not-affected

3.5.2-2ubuntu0~16.04.4~14.04.1+esm8
esm-infra/xenial

not-affected

3.5.2-2ubuntu0~16.04.13+esm20
jammy

DNE

noble

DNE

plucky

DNE

questing

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/bionic

not-affected

3.6.9-1~18.04ubuntu1.13+esm7
jammy

DNE

noble

DNE

plucky

DNE

questing

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/bionic

not-affected

3.7.5-2ubuntu1~18.04.2+esm8
jammy

DNE

noble

DNE

plucky

DNE

questing

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/bionic

released

3.8.0-3ubuntu1~18.04.2+esm8
esm-infra/focal

released

3.8.10-0ubuntu1~20.04.18+esm4
jammy

DNE

noble

DNE

plucky

DNE

questing

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/focal

released

3.9.5-3ubuntu0~20.04.1+esm8
jammy

DNE

noble

DNE

plucky

DNE

questing

DNE

upstream

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 29%
0.00103
Низкий

9.1 Critical

CVSS3

Связанные уязвимости

nvd логотип

CVE-2025-13836

CVSS3: 9.1
nvd
2 месяца назад

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.

msrc логотип

CVE-2025-13836

msrc
2 месяца назад

Excessive read buffering DoS in http.client

debian логотип

CVE-2025-13836

CVSS3: 9.1
debian
2 месяца назад

When reading an HTTP response from a server, if no read amount is spec ...

github логотип

GHSA-399h-rrqc-rpgv

CVSS3: 9.1
github
2 месяца назад

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.

suse-cvrf логотип

SUSE-SU-2026:0133-1

suse-cvrf
19 дней назад

Security update for python

EPSS

Процентиль: 29%
0.00103
Низкий

9.1 Critical

CVSS3