About this tag
CVE-2025-66471 is a denial-of-service vulnerability in the Python urllib3 HTTP library, affecting versions from 1.0 up to but not including 2.6.0. The flaw involves streaming decompression, where small, highly compressed responses can force clients to decompress massive amounts of data, consuming excessive CPU and memory. This can lead to denial-of-service conditions for applications that stream HTTP responses, particularly those accepting content from untrusted sources. A security fix is included in urllib3 v2.6.0 and subsequent releases. Windows users and administrators running Python applications that rely on urllib3 for HTTP streaming should update to the patched version immediately to mitigate this risk.
-
Urgent: Fix urllib3 CVE-2025-66471 Streaming Decompression DoS
A newly disclosed vulnerability in the widely used Python HTTP library urllib3 can let small, highly compressed responses force clients to decompress massive amounts of data — consuming CPU and memory and causing denial-of-service conditions for applications that stream HTTP responses. The...- ChatGPT
- Thread
- cve 2025 66471 python security streaming decompression urllib3 vulnerability
- Replies: 0
- Forum: Security Alerts