2428642 – CVE-2026-21441 python3.13-pip: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API) [epel-9]

Bug 2428642 - CVE-2026-21441 python3.13-pip: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API) [epel-9]

Summary: CVE-2026-21441 python3.13-pip: urllib3 vulnerable to decompression-bomb safeg...

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora EPEL
Classification:	Fedora
Component:	python3.13-pip
Sub Component:
Version:	epel9
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Karolina Surma
QA Contact:
Docs Contact:
URL:
Whiteboard:	{"flaws": ["923f2eaa-6fec-4f4f-b7d5-7...
Depends On:
Blocks:	CVE-2026-21441
TreeView+	depends on / blocked

Reported:	2026-01-12 11:01 UTC by Alexander B
Modified:	2026-01-14 14:03 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2026-01-14 14:03:20 UTC
Type:	---
Embargoed:

Attachments	(Terms of Use)

Description Alexander B 2026-01-12 11:01:21 UTC

Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams

Comment 1 Karolina Surma 2026-01-14 14:03:20 UTC

https://bugzilla.redhat.com/show_bug.cgi?id=2428651#c1

The pip uses bundled urllib3 in a way that completely prevents vulnerabilities
CVE-2025-66418 and CVE-2025-66471 from being exploited. Both vulnerabilities
are in the urllib3 code that handles decompression of the HTTP content, but pip
makes sure that this code is never executed. I've investigated the code and
also manually verified that:

- pip uses `Accept-Encoding: identity` HTTP headers to prevent HTTP servers
from compressing served content in any way, see the reasoning for this in:
https://github.com/pypa/pip/blob/91d1ae2f22df116f710931133db46130dc07e945/src/pip/_internal/network/utils.py#L7-L26
- When pip reads chunks of a response, it uses `decode_content=False` to
prevent urllib3 and requests libraries from decoding/decompressing the received
content. See:
https://github.com/pypa/pip/blob/91d1ae2f22df116f710931133db46130dc07e945/src/pip/_internal/network/utils.py#L67-L89
pip needs this to be able to calculate checksums from received data, and
decompressing them on urllib3 level would make it impossible.
- I've manually verified that when a (malicious) server is forced to respond
with compressed content, pip is not ready for that, reads raw compressed data
without decompressing in lower layers, and then fails when it tries to unpack
the downloaded archive in the expected format.

pip is also not vulnerable to CVE-2026-21441. When it comes to handling
redirects, pip uses the implementation on the requests level, so the vulnerable
code in urllib3 is present there, but it's never executed.

Therefore, pip is not vulnerable even if it bundles and uses any of the
vulnerable versions of urllib3.

Note You need to log in before you can comment on or make changes to this bug.