New submission from Christian Heimes:

This bug is similar to #16037 and a modified copy of #16038.

The nntplib module doesn't limit the amount of read data in its call to 
readline(). An erroneous or malicious news server can trick the nntplib module 
to consume large amounts of memory.

The nntplib module should be modified to use limited readline() with _MAXLINE 
like the httplib module.

components: Library (Lib)
messages: 171243
nosy: christian.heimes
priority: normal
severity: normal
status: open
title: nntplib: unlimited readline() from connection
type: resource usage
versions: Python 2.7, Python 3.2, Python 3.3

Python tracker <>
Python-bugs-list mailing list

Reply via email to