Python http.client Module Denial-of-Service Vulnerability Due to Improper Content-Length Handling

Vulnerability

A denial-of-service vulnerability has been identified in the Python http.client module. When reading an HTTP response body, HTTPResponse.read() called with no size argument trusts the Content-Length header and reads the whole body in a single call sized by that header, so the memory the client commits is dictated by the server rather than by the bytes actually received. A malicious or compromised server can therefore answer with a response declaring a very large Content-Length and drive the client into excessive memory consumption, out-of-memory errors, process or container termination, or a system crash. Any code that fetches from a server it does not control is exposed, including code built on urllib.request, which uses http.client underneath. The 3.10, 3.11, 3.12, 3.13 and 3.14 release lines are affected before the fix.

Impact

A server the client connects to can force the client process to consume memory proportional to an attacker-chosen Content-Length value, leading to out-of-memory errors, process or container termination, or system crashes. No authentication or user interaction is needed beyond the client issuing a request; the attacker only needs to control, or redirect the client to, the server being contacted.

Reproduction

The vulnerability can be reproduced with a server that returns an HTTP response whose Content-Length header declares a body far larger than it actually sends (or than the client has memory for), against a client that reads the response through http.client and calls read() without a size argument. The client sizes its read by the declared length and consumes an excessive amount of memory before any of that data has arrived.

Remediation

The fix has shipped in patch releases of the 3.10, 3.11, 3.12, 3.13 and 3.14 branches; upgrade to the latest patch release of the branch in use. Independently of the interpreter version, code that talks to untrusted servers should compare the declared Content-Length against an application-specific cap before reading, and read the body in bounded chunks with read(amt) rather than a single read(), so that memory use follows the bytes actually received.
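The following is an added example, not code from the advisory or from CPython. It stands in for the reproduction above with a one-shot local TCP server that sends a constructed response claiming a 10 GiB body while delivering five bytes, and it shows the application-level mitigation described under Remediation: a bounded reader that rejects an oversized declared length before reading and then reads with read(amt) in fixed-size chunks, so memory is bounded by received data. The 10 GiB figure, the 1 MiB cap, the server helper and the function names are all illustrative assumptions; the vulnerable pattern (read() with no size argument) is shown but deliberately not exercised against the malicious response.

```python
import http.client
import socket
import threading

# Constructed sample responses (not captured traffic). The malicious one claims a
# 10 GiB body but actually delivers five bytes before closing the connection.
BOGUS_LENGTH = 10 * 1024 ** 3  # illustrative; any value beyond available memory works
MALICIOUS_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b"Content-Length: " + str(BOGUS_LENGTH).encode("ascii") + b"\r\n"
    b"Connection: close\r\n"
    b"\r\n"
    b"hello"
)
HONEST_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b"Content-Length: 5\r\n"
    b"Connection: close\r\n"
    b"\r\n"
    b"hello"
)


def start_one_shot_server(response):
    """Serve exactly one connection on 127.0.0.1 with `response`, then exit.
    Hypothetical stand-in for a malicious server; returns the port to connect to."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    srv.settimeout(5)
    port = srv.getsockname()[1]

    def serve():
        try:
            conn, _ = srv.accept()
            with conn:
                conn.recv(65536)  # consume the request; its contents do not matter here
                conn.sendall(response)
        finally:
            srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


class ResponseTooLarge(Exception):
    """Raised when a response declares or delivers more than the caller's cap."""


def read_body_unbounded(resp):
    """The pattern the advisory describes: read() with no size argument lets the
    server's Content-Length decide how much memory the client commits.
    Do not call this against an untrusted server on an unpatched interpreter."""
    return resp.read()


def read_body_bounded(resp, max_bytes, chunk_size=64 * 1024):
    """Read an http.client.HTTPResponse body without trusting Content-Length.

    Rejects a declared length above max_bytes before any body bytes are read,
    then reads with read(amt) in chunks of at most chunk_size, so memory use is
    bounded by the data actually received rather than by the header.
    """
    declared = resp.getheader("Content-Length")
    if declared is not None:
        declared_len = int(declared)  # ValueError on garbage is a fine outcome too
        if declared_len < 0 or declared_len > max_bytes:
            raise ResponseTooLarge(
                f"declared Content-Length {declared_len} exceeds limit {max_bytes}")
    chunks = []
    total = 0
    while True:
        # Never request more than one byte past the cap: that extra byte is how an
        # overrunning body (or a missing/lying header) is detected without buffering it.
        chunk = resp.read(min(chunk_size, max_bytes - total + 1))
        if not chunk:
            break
        total += len(chunk)
        if total > max_bytes:
            raise ResponseTooLarge(f"body exceeds limit {max_bytes}")
        chunks.append(chunk)
    return b"".join(chunks)


def fetch_bounded(port, max_bytes, path="/"):
    """GET `path` from the local one-shot server and read it with the bounded reader."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return read_body_bounded(resp, max_bytes)
    finally:
        conn.close()


def run_demo(max_bytes=1024 * 1024):
    """Push both constructed responses through the bounded reader and report outcomes."""
    honest_body = fetch_bounded(start_one_shot_server(HONEST_RESPONSE), max_bytes)
    try:
        fetch_bounded(start_one_shot_server(MALICIOUS_RESPONSE), max_bytes)
        malicious_rejected = False
    except ResponseTooLarge:
        malicious_rejected = True
    return {"honest_body": honest_body, "malicious_rejected": malicious_rejected}


if __name__ == "__main__":
    print(run_demo())
```

The cap check on the declared length is what stops the advisory's attack cheaply; the chunked loop is what keeps the client safe when the header is absent, chunked transfer is used, or a server under-declares and then keeps sending. Pick max_bytes from what the caller can actually hold, not from what the server says.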

Added: Dec 1, 2025, 6:17 PM
Updated: Dec 1, 2025, 7:21 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.4
remediation: 0.0
relevance: 1.2
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.