cpython icon indicating copy to clipboard operation
cpython copied to clipboard
Published 2 weeks ago verified publisher icon python

[3.10] gh-119451: Fix a potential denial of service in http.client (GH-119454)

Open miss-islington opened this issue 1 month ago • 1 comments

Reading the whole body of the HTTP response could cause OOM if the Content-Length value is too large even if the server does not send a large amount of data. Now the HTTP client reads large data by chunks, therefore the amount of consumed memory is proportional to the amount of sent data. (cherry picked from commit 5a4c4a033a4a54481be6870aa1896fad732555b5)

Co-authored-by: Serhiy Storchaka [email protected]

  • Issue: gh-119451

miss-islington avatar Dec 01 '25 15:12 miss-islington

when will this pr be merged?

yiheng avatar Jan 05 '26 05:01 yiheng