CNNVD-202512-670 Information
CNNVD ID
CNNVD-202512-670
Related CVE
- CNNVD Published: 2025-12-05
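Description (translated from Chinese)
urllib3 is an open-source Python HTTP library developed by urllib3. The product provides thread-safe connection pooling, file post support, and other features. A security vulnerability exists in urllib3 versions 1.24 up to but not including 2.6.0. It stems from the lack of a limit on the number of links in the decompression chain and can lead to high CPU usage and large memory allocations.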
Description (English)
urllib3 is an open-source Python HTTP library from the urllib3 project. It offers thread-safe connection pooling, file post support, and more. urllib3 versions from 1.24 up to, but not including, 2.6.0 contain a vulnerability: the number of links in the decompression chain is unbounded, which can lead to high CPU usage and large memory allocations.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
urllib3
Published
2025-12-05
Last Modified
2026-02-24
References
https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53
https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8
https://www.oracle.com/security-alerts/cpujan2026.html
https://vigilance.fr/vulnerability/urllib3-overload-via-Decompression-Chain-Links-49076
https://access.redhat.com/security/cve/cve-2025-66418
Patch
https://github.com/urllib3/urllib3/releases