Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Fri, 10 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 10 Jul 2026 09:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Httplib2 Project
Httplib2 Project httplib2 |
|
| Vendors & Products |
Httplib2 Project
Httplib2 Project httplib2 |
Fri, 10 Jul 2026 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Wed, 08 Jul 2026 19:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate in _decompressContent in httplib2/init.py, allowing a malicious or compromised HTTP server to return a small compressed payload that expands to an arbitrarily large size in memory and causes MemoryError or OOM-kill in the client process. This issue is fixed in version 0.32.0. | |
| Title | httplib2: Decompression Bomb Denial of Service via Unbounded gzip/deflate Response Handling | |
| Weaknesses | CWE-409 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-10T14:55:12.554Z
Reserved: 2026-07-07T18:20:06.127Z
Link: CVE-2026-59939
Updated: 2026-07-10T14:54:22.170Z
No data.
OpenCVE Enrichment
Updated: 2026-07-13T08:30:04Z