CVE-2025-13836
HIGH WAF: Medium
CVSS 7.5
Published: 2025-12-01
CWE-400
When reading an HTTP response from a server without specifying a read amount, the default behavior is to read as many bytes as the server's Content-Length header indicates. A malicious server can therefore cause the client to read large amounts of data into memory, potentially causing an out-of-memory (OOM) condition or other denial of service.
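The defensive pattern the description implies is to give the read a byte budget instead of trusting the server's framing. The following is an added example, not code from the advisory or from CPython; it assumes the affected code path is Python's standard-library `http.client` and demonstrates a `read_bounded` helper that (a) rejects a response up front when its declared Content-Length already exceeds the budget and (b) counts bytes as they actually arrive, so a response with no Content-Length (read-until-close) cannot be pulled into memory in full either. The local server, its paths and body sizes are constructed for the demonstration.

```python
"""Bounded reading of an HTTP response body (added example, not from the advisory)."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

CHUNK = 16 * 1024


class ResponseTooLarge(Exception):
    """Raised when a response body exceeds the caller's byte budget."""


def read_bounded(resp, max_bytes, chunk=CHUNK):
    """Read at most max_bytes from an http.client.HTTPResponse.

    The declared Content-Length is checked first so an obviously oversized
    body is rejected before any of it is read. The loop then counts what
    actually arrives rather than trusting the header, so a body without a
    Content-Length (streamed until the server closes) is capped as well.
    """
    declared = resp.getheader("Content-Length")
    if declared is not None and declared.isdigit() and int(declared) > max_bytes:
        raise ResponseTooLarge(f"Content-Length {declared} exceeds limit {max_bytes}")
    buf = bytearray()
    while True:
        # Never ask for more than one byte past the budget: that single
        # extra byte is what proves the body is too large.
        piece = resp.read(min(chunk, max_bytes - len(buf) + 1))
        if not piece:
            break
        buf += piece
        if len(buf) > max_bytes:
            raise ResponseTooLarge(f"body exceeded limit of {max_bytes} bytes")
    return bytes(buf)


def fetch(host, port, path, max_bytes):
    """GET path from host:port and return at most max_bytes of body."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path)
        return read_bounded(conn.getresponse(), max_bytes)
    finally:
        conn.close()  # drops the socket even if we bailed out mid-body


class DemoHandler(BaseHTTPRequestHandler):
    """Constructed test server (HTTP/1.0, so no Content-Length means read-until-close)."""

    def do_GET(self):
        try:
            if self.path == "/small":
                body = b"hello world"  # honest, within budget
                self.send_response(200)
                self.send_header("Content-Length", str(len(body)))
                self.end_headers()
                self.wfile.write(body)
            elif self.path == "/declared-huge":
                # Header promises far more than the client's budget.
                self.send_response(200)
                self.send_header("Content-Length", str(10**12))
                self.end_headers()
                self.wfile.write(b"x" * 100)
            else:  # "/unbounded": no Content-Length, streams 4 MiB until close
                self.send_response(200)
                self.end_headers()
                for _ in range(256):
                    self.wfile.write(b"A" * CHUNK)
        except (BrokenPipeError, ConnectionResetError):
            pass  # the client gave up early, which is the point

    def log_message(self, *args):
        pass  # keep the demo quiet


def run_demo(max_bytes=64 * 1024):
    """Start the constructed server on a free port and fetch each path with a budget."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), DemoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    host, port = server.server_address[:2]
    results = {}
    try:
        for path in ("/small", "/declared-huge", "/unbounded"):
            try:
                results[path] = f"ok:{len(fetch(host, port, path, max_bytes))}"
            except ResponseTooLarge as exc:
                results[path] = f"rejected:{exc}"
    finally:
        server.shutdown()
        server.server_close()
    return results


if __name__ == "__main__":
    for path, outcome in run_demo().items():
        print(f"{path:16} {outcome}")
```

`/small` is returned in full, `/declared-huge` is refused on the header alone (nothing beyond the headers is read), and `/unbounded` is cut off once one byte more than the 64 KiB budget has arrived. The same helper works unchanged for chunked responses, since it never consults the framing beyond the initial Content-Length check.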
WAF Coverage Analysis
Uncontrolled Resource Consumption
Medium WAF Coverage
OWASP: A05:2021 Security Misconfiguration
912xxx - DOS Protection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| python | python | up to 3.13.11 |
| python | python | 3.14.0 |
| python | python | 3.15.0 |
References
- github.com (Patch)
- github.com (Patch)
- github.com (Patch)
- github.com (Patch)
- github.com (Patch)
- github.com (Patch)
- github.com (Issue Tracking, Patch)
- github.com (Issue Tracking, Patch)
- mail.python.org (Vendor Advisory)