1885 matches found
Denial Of Service (DoS)
urllib3 is vulnerable to Denial-Of-Service DoS. The vulnerability is due to improper handling of highly compressed data in the streaming API, where decompression continues until the requested chunk size is satisfied, allowing a small, highly compressed response to be fully decompressed in a singl...
SUSE CVE-2025-66418
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory...
expat: large number of colons in input makes parser consume high amount of resources, leading to DoS
It was discovered that the "setElementTypePrefix" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service...
Linux Distros Unpatched Vulnerability : CVE-2025-66471
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed...
Linux Distros Unpatched Vulnerability : CVE-2025-66418
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was...
powerdns-recursor -- Denial of Service
PowerDNS Team reports: 2025-07: Internal logic flaw in cache management can lead to a denial of service in Recursor 2025-08: Insufficient validation of incoming notifies over TCP can lead to a denial of service in Recursor 2026-01: Crafted zones can lead to increased resource usage in Recursor...
urllib3 streaming API improperly handles highly compressed data
Impact urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP...
GHSA-GM62-XV2J-4W53 urllib3 allows an unbounded number of links in the decompression chain
Impact urllib3 supports chained HTTP encoding algorithms for response content according to RFC 9110 e.g., Content-Encoding: gzip, zstd. However, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps...
AZL-71849 CVE-2025-66471 affecting package python-urllib3 1.26.19-3
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than...
AZL-71837 CVE-2025-66471 affecting package python-urllib3 for versions less than 2.0.7-3
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than...
CVE-2025-66418
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory...
UBUNTU-CVE-2025-66418
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory...
CVE-2025-66471
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than...
EUVD-2025-201421
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory...
CVE-2025-66418 urllib3 allows an unbounded number of links in the decompression chain
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory...
CVE-2025-66418 urllib3 allows an unbounded number of links in the decompression chain
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory...
CVE-2025-66418
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory...
urllib3 安全漏洞
urllib3 is a Python HTTP library open-sourced by urllib3. It features thread-safe connection pooling, file publishing support, and more. A security vulnerability exists in urllib3 version 1.24 up to and including version 2.6.0, which stems from an unlimited number of links in the decompression...
CVE-2025-66564
Sigstore Timestamp Authority contains a vulnerability (CVE-2025-66564) where ParseJSONRequest and getContentType allocate O(n) bytes when handling untrusted input (an OID with many periods or a malformed Content-Type header). The issue is triggered by using strings.Split on untrusted data, leadin...
UBUNTU-CVE-2025-66506
Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.3, function identity.extractIssuerURL splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious...