CNNVD-202512-051 Information

CNNVD ID

CNNVD-202512-051

CVE-2025-13836

  • CNNVD Published: 2025-12-01

Description

CPython is the Python Foundation's implementation of the Python interpreter, written in C. CPython contains a security vulnerability: when no read amount is specified, the Content-Length value is used by default, which can allow a malicious server to make the client read a large amount of data into memory, causing out-of-memory conditions or other denial-of-service attacks.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Python

Published

2025-12-01

Last Modified

2026-02-24

References

  • https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155
  • https://github.com/python/cpython/pull/119454
  • https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5
  • https://github.com/python/cpython/issues/119451
  • https://vigilance.fr/vulnerability/Python-Core-denial-of-service-via-HTTP-Response-Large-Content-Length-48925
  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13836

Patch

https://github.com/python/cpython/tags
