vulnerability

Oracle Linux: CVE-2025-13836: ELSA-2026-1374: python3.11 security update (MODERATE) (Multiple Advisories)

Try Surface Command
Back to search
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published
Dec 1, 2025
Added
Jan 29, 2026
Modified
Feb 11, 2026

Description

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.
A flaw was found in the http.client module in the Python standard library. When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This issue allows a malicious server to cause the client to read large amounts of data into memory, potentially causing memory allocations errors, swapping, out-of-memory conditions or even system freezes.

Solutions

oracle-linux-upgrade-python3oracle-linux-upgrade-python3-11oracle-linux-upgrade-python3-11-debugoracle-linux-upgrade-python3-11-develoracle-linux-upgrade-python3-11-idleoracle-linux-upgrade-python3-11-libsoracle-linux-upgrade-python3-11-rpm-macrosoracle-linux-upgrade-python3-11-testoracle-linux-upgrade-python3-11-tkinteroracle-linux-upgrade-python3-12oracle-linux-upgrade-python3-12-debugoracle-linux-upgrade-python3-12-develoracle-linux-upgrade-python3-12-idleoracle-linux-upgrade-python3-12-libsoracle-linux-upgrade-python3-12-rpm-macrosoracle-linux-upgrade-python3-12-testoracle-linux-upgrade-python3-12-tkinteroracle-linux-upgrade-python3-debugoracle-linux-upgrade-python3-develoracle-linux-upgrade-python3-idleoracle-linux-upgrade-python3-libsoracle-linux-upgrade-python3-testoracle-linux-upgrade-python3-tkinteroracle-linux-upgrade-python-unversioned-command

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today