
[3.12] gh-119451: Fix a potential denial of service in http.client (GH-119454) by miss-islington · Pull Request #142140 · python/cpython

…thonGH-119454)

Reading the whole body of the HTTP response could cause OOM if
the Content-Length value is too large even if the server does not send
a large amount of data. Now the HTTP client reads large data by chunks,
therefore the amount of consumed memory is proportional to the amount
of sent data.
(cherry picked from commit 5a4c4a0)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
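
The bounded-read idea in the commit message, as an added example that is not CPython's code or part of this pull request: the reader never requests more in one call than the larger of a starting chunk and the bytes already received, so a huge declared Content-Length with a short body stays cheap. `RecordingStream`, `read_body_bounded` and the 1 MiB starting chunk are assumptions made for the illustration.

```python
import http.client
import io

MIN_CHUNK = 1 << 20  # assumed starting chunk size for this example (1 MiB)


class RecordingStream:
    """Constructed stand-in for a socket file object.

    Records the largest size ever passed to read(), which is the size a real
    buffered reader would try to allocate up front.
    """

    def __init__(self, payload):
        self._buf = io.BytesIO(payload)
        self.largest_request = 0

    def read(self, n):
        self.largest_request = max(self.largest_request, n)
        return self._buf.read(n)


def read_body_bounded(fp, declared_length, min_chunk=MIN_CHUNK):
    """Read exactly declared_length bytes from fp in bounded chunks.

    Each request is at most max(min_chunk, bytes received so far), so memory
    use follows the data actually sent, not the Content-Length header.
    Raises http.client.IncompleteRead if the peer stops early.
    """
    parts = []
    received = 0
    chunk = min_chunk
    while received < declared_length:
        want = min(chunk, declared_length - received)
        piece = fp.read(want)
        if not piece:  # EOF before the declared length was reached
            raise http.client.IncompleteRead(
                b"".join(parts), declared_length - received)
        parts.append(piece)
        received += len(piece)
        # Let the next request grow only as far as the peer has proven itself.
        chunk = max(chunk, received)
    return b"".join(parts)
```

With a declared length of 1 TiB and a five-byte body, the largest single request is 1 MiB and the caller gets `IncompleteRead` instead of an allocation failure.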

@bedevere-app Bot mentioned this pull request

Dec 1, 2025

vivian-rook pushed a commit to wolfi-dev/advisories that referenced this pull request

Dec 8, 2025

github-merge-queue Bot pushed a commit to wolfi-dev/advisories that referenced this pull request

Dec 8, 2025

frenzymadness pushed a commit to frenzymadness/cpython that referenced this pull request

Jan 16, 2026
[3.12] pythongh-119451: Fix a potential denial of service in http.client (pythonGH-119454) (python#142140)

pythongh-119451: Fix a potential denial of service in http.client (pythonGH-119454)

Reading the whole body of the HTTP response could cause OOM if
the Content-Length value is too large even if the server does not send
a large amount of data. Now the HTTP client reads large data by chunks,
therefore the amount of consumed memory is proportional to the amount
of sent data.
(cherry picked from commit 5a4c4a0)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>

hrnciar pushed a commit to fedora-python/cpython that referenced this pull request

Feb 6, 2026

hrnciar pushed a commit to fedora-python/cpython that referenced this pull request

Feb 6, 2026