UBUNTU-CVE-2026-59939

Source
https://ubuntu.com/security/CVE-2026-59939
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-59939.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-59939
Upstream
Downstream
Related
Published
2026-07-09T00:00:00Z
Modified
2026-07-14T23:30:19.623803505Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate in _decompressContent in httplib2/init.py, allowing a malicious or compromised HTTP server to return a small compressed payload that expands to an arbitrarily large size in memory and causes MemoryError or OOM-kill in the client process. This issue is fixed in version 0.32.0.

References

Affected packages

Ubuntu:14.04:LTS
python-httplib2

Package

Name
python-httplib2
Purl
pkg:deb/ubuntu/python-httplib2?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.8-2
0.8-2build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "0.8-2build1",
            "binary_name": "python-httplib2"
        },
        {
            "binary_version": "0.8-2build1",
            "binary_name": "python3-httplib2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-59939.json"
Ubuntu:16.04:LTS
python-httplib2

Package

Name
python-httplib2
Purl
pkg:deb/ubuntu/python-httplib2?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.9+dfsg-2
0.9.1+dfsg-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "0.9.1+dfsg-1",
            "binary_name": "python-httplib2"
        },
        {
            "binary_version": "0.9.1+dfsg-1",
            "binary_name": "python3-httplib2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-59939.json"
Ubuntu:18.04:LTS
python-httplib2

Package

Name
python-httplib2
Purl
pkg:deb/ubuntu/python-httplib2?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.9.2+dfsg-1
0.9.2+dfsg-1ubuntu0.1
0.9.2+dfsg-1ubuntu0.2
0.9.2+dfsg-1ubuntu0.3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "0.9.2+dfsg-1ubuntu0.3",
            "binary_name": "python-httplib2"
        },
        {
            "binary_version": "0.9.2+dfsg-1ubuntu0.3",
            "binary_name": "python3-httplib2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-59939.json"
Ubuntu:20.04:LTS
python-httplib2

Package

Name
python-httplib2
Purl
pkg:deb/ubuntu/python-httplib2?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.11.3-2
0.11.3-2build1
0.14.0-1
0.14.0-1ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "0.14.0-1ubuntu1",
            "binary_name": "python-httplib2"
        },
        {
            "binary_version": "0.14.0-1ubuntu1",
            "binary_name": "python3-httplib2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-59939.json"
Ubuntu:22.04:LTS
python-httplib2

Package

Name
python-httplib2
Purl
pkg:deb/ubuntu/python-httplib2?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.20.2-2ubuntu0.1

Affected versions

0.*
0.18.1-3ubuntu1
0.20.2-2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "0.20.2-2ubuntu0.1",
            "binary_name": "python3-httplib2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-59939.json"
Ubuntu:24.04:LTS
python-httplib2

Package

Name
python-httplib2
Purl
pkg:deb/ubuntu/python-httplib2?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.20.4-3ubuntu0.1

Affected versions

0.*
0.20.4-3

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "0.20.4-3ubuntu0.1",
            "binary_name": "python3-httplib2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-59939.json"
Ubuntu:25.10
python-httplib2

Package

Name
python-httplib2
Purl
pkg:deb/ubuntu/python-httplib2?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.22.0-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "0.22.0-1",
            "binary_name": "python3-httplib2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-59939.json"
Ubuntu:26.04:LTS
python-httplib2

Package

Name
python-httplib2
Purl
pkg:deb/ubuntu/python-httplib2?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.22.0-1ubuntu0.1

Affected versions

0.*
0.22.0-1
0.22.0-1build1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "0.22.0-1ubuntu0.1",
            "binary_name": "python3-httplib2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-59939.json"