UBUNTU-CVE-2025-6176

Source
https://ubuntu.com/security/CVE-2025-6176
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-6176.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-6176
Upstream
  • CVE-2025-6176
Published
2025-10-31T00:15:00Z
Modified
2025-11-06T05:22:35Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Ubuntu - medium
Summary
[none]
Details

Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.

References

Affected packages

Ubuntu:16.04:LTS

python-scrapy

Package

Name
python-scrapy
Purl
pkg:deb/ubuntu/python-scrapy@1.0.3-1?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.0.0-1
1.0.3-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python-scrapy",
            "binary_version": "1.0.3-1"
        }
    ]
}

Ubuntu:25.04

python-scrapy

Package

Name
python-scrapy
Purl
pkg:deb/ubuntu/python-scrapy@2.12.0-2?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.11.2-1
2.11.2-3
2.12.0-1
2.12.0-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-scrapy",
            "binary_version": "2.12.0-2"
        }
    ]
}

Ubuntu:25.10

python-scrapy

Package

Name
python-scrapy
Purl
pkg:deb/ubuntu/python-scrapy@2.12.0-2?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.12.0-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-scrapy",
            "binary_version": "2.12.0-2"
        }
    ]
}

Ubuntu:Pro:18.04:LTS

python-scrapy

Package

Name
python-scrapy
Purl
pkg:deb/ubuntu/python-scrapy@1.5.0-1ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.3.0-1~exp2
1.4.0-1
1.5.0-1
1.5.0-1ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python-scrapy",
            "binary_version": "1.5.0-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "python3-scrapy",
            "binary_version": "1.5.0-1ubuntu0.1~esm1"
        }
    ]
}

Ubuntu:Pro:20.04:LTS

python-scrapy

Package

Name
python-scrapy
Purl
pkg:deb/ubuntu/python-scrapy@1.7.3-1ubuntu0.1~esm1?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.7.3-1
1.7.3-1ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-scrapy",
            "binary_version": "1.7.3-1ubuntu0.1~esm1"
        }
    ]
}

Ubuntu:Pro:22.04:LTS

python-scrapy

Package

Name
python-scrapy
Purl
pkg:deb/ubuntu/python-scrapy@2.5.1-2ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.4.1-2
2.5.1-2
2.5.1-2ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-scrapy",
            "binary_version": "2.5.1-2ubuntu0.1~esm1"
        }
    ]
}

Ubuntu:Pro:24.04:LTS

python-scrapy

Package

Name
python-scrapy
Purl
pkg:deb/ubuntu/python-scrapy@2.11.1-1ubuntu0.1~esm2?arch=source&distro=esm-apps/noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.10.0-1
2.11.0-1
2.11.0-2
2.11.1-1
2.11.1-1ubuntu0.1~esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-scrapy",
            "binary_version": "2.11.1-1ubuntu0.1~esm2"
        }
    ]
}