Improper Handling of Highly Compressed Data (Data Amplification) Affecting fence-agents-ibmblade package, versions *


Severity

Recommended
0.0
high
0
10

Based on Red Hat Enterprise Linux security rating.

Threat Intelligence

EPSS
0.36% (28th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-RHEL8-FENCEAGENTSIBMBLADE-17938111
  • published10 Jul 2026
  • disclosed8 Jul 2026

Introduced: 8 Jul 2026

NewCVE-2026-59939  (opens in a new tab)
CWE-409  (opens in a new tab)

How to fix?

There is no fixed version for RHEL:8 fence-agents-ibmblade.

NVD Description

Note: Versions mentioned in the description apply only to the upstream fence-agents-ibmblade package and not the fence-agents-ibmblade package as distributed by RHEL. See How to fix? for RHEL:8 relevant fixed versions and status.

httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate in _decompressContent in httplib2/init.py, allowing a malicious or compromised HTTP server to return a small compressed payload that expands to an arbitrarily large size in memory and causes MemoryError or OOM-kill in the client process. This issue is fixed in version 0.32.0.

CVSS Base Scores

version 3.1