Ubuntu: Python Important Denial Of Service Issue USN-7951-1 CVE-2025-13836
Jan 12, 2026
•
LinuxSecurity Advisories
2 - 3 min read
Topics Covered
Python could be made to crash if it received specially crafted network traffic.
==========================================================================
Ubuntu Security Notice USN-7951-1
January 12, 2026
python3.8, python3.9, python3.10, python3.11, python3.12, python3.13,
python3.14 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Python could be made to crash if it received specially crafted network
traffic.
Software Description:
- python3.13: An interactive high-level object-oriented language
- python3.14: An interactive high-level object-oriented language
- python3.12: An interactive high-level object-oriented language
- python3.10: An interactive high-level object-oriented language
- python3.11: An interactive high-level object-oriented language
- python3.8: An interactive high-level object-oriented language
- python3.9: An interactive high-level object-oriented language
Details:
It was discovered that Python's http.client did not properly handle the
Content-Length header in HTTP responses. A malicious server could exploit
this to cause Python to allocate excessive memory, leading to a denial of
service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
libpython3.13 3.13.7-1ubuntu0.2
libpython3.14 3.14.0-1ubuntu0.1
python3.13 3.13.7-1ubuntu0.2
python3.14 3.14.0-1ubuntu0.1
Ubuntu 25.04
libpython3.13 3.13.3-1ubuntu0.5
python3.13 3.13.3-1ubuntu0.5
Ubuntu 24.04 LTS
libpython3.12t64 3.12.3-1ubuntu0.10
python3.12 3.12.3-1ubuntu0.10
Ubuntu 22.04 LTS
libpython3.10 3.10.12-1~22.04.13
libpython3.11 3.11.0~rc1-1~22.04.1~esm7
Available with Ubuntu Pro
python3.10 3.10.12-1~22.04.13
python3.11 3.11.0~rc1-1~22.04.1~esm7
Available with Ubuntu Pro
Ubuntu 20.04 LTS
libpython3.8 3.8.10-0ubuntu1~20.04.18+esm4
Available with Ubuntu Pro
libpython3.9 3.9.5-3ubuntu0~20.04.1+esm8
Available with Ubuntu Pro
python3.8 3.8.10-0ubuntu1~20.04.18+esm4
Available with Ubuntu Pro
python3.9 3.9.5-3ubuntu0~20.04.1+esm8
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libpython3.8 3.8.0-3ubuntu1~18.04.2+esm8
Available with Ubuntu Pro
python3.8 3.8.0-3ubuntu1~18.04.2+esm8
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7951-1
CVE-2025-13836
Package Information:
https://launchpad.net/ubuntu/+source/python3.13/3.13.7-1ubuntu0.2
https://launchpad.net/ubuntu/+source/python3.14/3.14.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/python3.13/3.13.3-1ubuntu0.5
https://launchpad.net/ubuntu/+source/python3.12/3.12.3-1ubuntu0.10
PREVIOUS
NEXT
Ubuntu: Python Important Denial Of Service Issue USN-7951-1 CVE-2025-13836
ubuntu
January 12, 2026
Python could be made to crash if it received specially crafted network traffic.
Summary
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 25.04 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Python could be made to crash if it received specially crafted network traffic. Software Description: - python3.13: An interactive high-level object-oriented language - python3.14: An interactive high-level object-oriented language - python3.12: An interactive high-level object-oriented language - python3.10: An interactive high-level object-oriented language - python3.11: An interactive high-level object-oriented language - python3.8: An interactive high-level object-oriented language - python3.9: An interactive high-level object-oriented language Details: It was discovered that Python's http.client did not properly handle the Content-Length header in HTTP responses. A malicious server could exploit this to cause Python to allocate excessive memory, leading to a denial of service.
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 libpython3.13 3.13.7-1ubuntu0.2 libpython3.14 3.14.0-1ubuntu0.1 python3.13 3.13.7-1ubuntu0.2 python3.14 3.14.0-1ubuntu0.1 Ubuntu 25.04 libpython3.13 3.13.3-1ubuntu0.5 python3.13 3.13.3-1ubuntu0.5 Ubuntu 24.04 LTS libpython3.12t64 3.12.3-1ubuntu0.10 python3.12 3.12.3-1ubuntu0.10 Ubuntu 22.04 LTS libpython3.10 3.10.12-1~22.04.13 libpython3.11 3.11.0~rc1-1~22.04.1~esm7 Available with Ubuntu Pro python3.10 3.10.12-1~22.04.13 python3.11 3.11.0~rc1-1~22.04.1~esm7 Available with Ubuntu Pro Ubuntu 20.04 LTS libpython3.8 3.8.10-0ubuntu1~20.04.18+esm4 Available with Ubuntu Pro libpython3.9 3.9.5-3ubuntu0~20.04.1+esm8 Available with Ubuntu Pro python3.8 3.8.10-0ubuntu1~20.04.18+esm4 Available with Ubuntu Pro python3.9 3.9.5-3ubuntu0~20.04.1+esm8 Available with Ubuntu Pro Ubuntu 18.04 LTS libpython3.8 3.8.0-3ubuntu1~18.04.2+esm8 Available with Ubuntu Pro python3.8 3.8.0-3ubuntu1~18.04.2+esm8 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-7951-1
CVE-2025-13836
Severity
important
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-7951-1
Topics Covered
Package Information
https://launchpad.net/ubuntu/+source/python3.13/3.13.7-1ubuntu0.2 https://launchpad.net/ubuntu/+source/python3.14/3.14.0-1ubuntu0.1 https://launchpad.net/ubuntu/+source/python3.13/3.13.3-1ubuntu0.5 https://launchpad.net/ubuntu/+source/python3.12/3.12.3-1ubuntu0.10
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!