Bug 2418078 (CVE-2025-13836)

Summary: CVE-2025-13836 cpython: Excessive read buffering DoS in http.client
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: bbrownin, dfreiber, drow, gotiwari, jburrell, jgrulich, jhorak, jkoehler, ljawale, lphiri, luizcosta, mvyas, nweather, rbobbitt, sdawley, teagle, tpopela, vkumar
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the http.client module in the Python standard library. When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This issue allows a malicious server to cause the client to read large amounts of data into memory, potentially causing memory allocations errors, swapping, out-of-memory conditions or even system freezes.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2428927, 2428929, 2428931, 2428939, 2428941, 2428928, 2428930, 2428932, 2428933, 2428934, 2428935, 2428936, 2428937, 2428938, 2428940, 2428942, 2428943, 2428944, 2428945, 2428946, 2428947, 2428948    
Bug Blocks:    

Description OSIDB Bzimport 2025-12-01 19:01:30 UTC 
When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.
Comment 2 errata-xmlrpc 2026-01-27 15:10:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:1374 https://access.redhat.com/errata/RHSA-2026:1374
Comment 3 errata-xmlrpc 2026-01-27 17:17:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:1408 https://access.redhat.com/errata/RHSA-2026:1408
Comment 4 errata-xmlrpc 2026-01-27 17:23:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:1410 https://access.redhat.com/errata/RHSA-2026:1410