CVE Vulnerabilities

CVE-2026-59939

Improper Handling of Highly Compressed Data (Data Amplification)

Published: Jul 08, 2026 | Modified: Jul 13, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
7.5 IMPORTANT
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate in _decompressContent in httplib2/init.py, allowing a malicious or compromised HTTP server to return a small compressed payload that expands to an arbitrarily large size in memory and causes MemoryError or OOM-kill in the client process. This issue is fixed in version 0.32.0.

Weakness

The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.

Affected Software

NameVendorStart VersionEnd Version
Httplib2Httplib2_project*0.32.0 (excluding)
Python-httplib2Ubuntudevel*
Python-httplib2Ubuntujammy*
Python-httplib2Ubuntunoble*
Python-httplib2Ubuntuquesting*
Python-httplib2Ubunturesolute*
Python-httplib2Ubuntuupstream*

References