7.5

CVE-2021-3737

Exploit
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PythonPython Version >= 3.6.0 < 3.6.14
PythonPython Version >= 3.7.0 < 3.7.11
PythonPython Version >= 3.8.0 < 3.8.11
PythonPython Version >= 3.9.0 < 3.9.6
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
FedoraprojectFedora Version33
FedoraprojectFedora Version34
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version20.04 SwEditionlts
CanonicalUbuntu Linux Version21.04
NetappHci Version-
NetappNetapp Xcp Smb Version-
NetappXcp Nfs Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 11.59% 0.955
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.1 8.6 6.9
AV:N/AC:M/Au:N/C:N/I:N/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://www.oracle.com/security-alerts/cpujul2022.html
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html
https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html
https://bugs.python.org/issue44022
Vendor Advisory
Exploit
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1995162
Patch
Third Party Advisory
Issue Tracking
https://github.com/python/cpython/pull/25916
Patch
Third Party Advisory
https://github.com/python/cpython/pull/26503
Patch
Third Party Advisory
https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html
Patch
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220407-0009/
Third Party Advisory
https://ubuntu.com/security/CVE-2021-3737
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html
https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html