CVE-2025-13836 – Excessive read buffering DoS in http.client

CVE ID : CVE-2025-13836

Published : Dec. 1, 2025, 6:02 p.m.

Description : When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.

Severity: 6.3 | MEDIUM
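
One defensive pattern for callers, shown as an added example that is not code from the CVE record or from CPython: refuse a declared Content-Length above a cap and always pass an explicit amount to `read()`. The names `read_capped`, `BodyTooLarge` and `response_from_bytes`, the 1 MiB cap and the canned responses are assumptions constructed for this example.

```python
import http.client
import io

MAX_BODY = 1024 * 1024  # assumed cap; size it to what the caller expects
CHUNK = 64 * 1024       # upper bound on any single read

class BodyTooLarge(Exception):
    """The response declared or delivered more than the cap."""

def read_capped(resp, max_bytes=MAX_BODY, chunk=CHUNK):
    """Read an HTTPResponse body without letting Content-Length size the read."""
    declared = resp.getheader("Content-Length")
    try:
        too_big = declared is not None and int(declared) > max_bytes
    except ValueError:
        too_big = False  # unparsable header: the streaming cap below still applies
    if too_big:
        resp.close()
        raise BodyTooLarge(f"declared {declared} bytes, cap is {max_bytes}")
    buf = bytearray()
    while True:
        # Explicit amount on every call, never a bare read().
        data = resp.read(min(chunk, max_bytes + 1 - len(buf)))
        if not data:
            return bytes(buf)
        buf += data
        if len(buf) > max_bytes:  # no Content-Length, or a chunked body
            resp.close()
            raise BodyTooLarge(f"body exceeded cap of {max_bytes} bytes")

class _FakeSocket:
    """Constructed input: feeds canned bytes to HTTPResponse, no network."""
    def __init__(self, raw):
        self._raw = raw
    def makefile(self, *args, **kwargs):
        return io.BytesIO(self._raw)

def response_from_bytes(raw):
    """Build an HTTPResponse over canned bytes and parse only its headers."""
    resp = http.client.HTTPResponse(_FakeSocket(raw))
    resp.begin()
    return resp

if __name__ == "__main__":
    # Constructed hostile response: huge declared length, tiny body.
    hostile = b"HTTP/1.1 200 OK\r\nContent-Length: 99999999999\r\n\r\nxx"
    try:
        read_capped(response_from_bytes(hostile))
    except BodyTooLarge as exc:
        print("rejected:", exc)
```
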
