Vulnerability CVE-2021-3737: Information

Description

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-3737
Published: March 4, 2022
Modified: Nov. 7, 2023
Error type identifier: CWE-400CWE-835

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
pythonsisyphus2.7.18-alt82.7.18-alt11ALT-PU-2021-3010-1286676Fixed
pythonsisyphus_e2k2.7.18-alt82.7.18-alt11ALT-PU-2022-3615-1-Fixed
pythonp102.7.18-alt102.7.18-alt10ALT-PU-2022-3044-1309289Fixed
pythonp10_e2k2.7.18-alt102.7.18-alt10ALT-PU-2022-7062-1-Fixed
pythonc10f12.7.18-alt102.7.18-alt10ALT-PU-2022-3044-1309289Fixed
python3sisyphus3.9.6-alt13.12.2-alt1ALT-PU-2021-2084-1276295Fixed
python3p103.9.6-alt13.9.18-alt1ALT-PU-2021-2084-1276295Fixed
python3p93.7.11-alt13.7.17-alt1ALT-PU-2021-2653-1273501Fixed
python3c10f13.9.6-alt13.9.18-alt0.c10f1.1ALT-PU-2021-2084-1276295Fixed
python3c9f23.7.17-alt13.7.17-alt1ALT-PU-2024-3474-2342077Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/python/cpython/pull/25916
  • Patch
  • Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1995162
  • Issue Tracking
  • Patch
  • Third Party Advisory
https://ubuntu.com/security/CVE-2021-3737
  • Patch
  • Third Party Advisory
https://github.com/python/cpython/pull/26503
  • Patch
  • Third Party Advisory
https://bugs.python.org/issue44022
  • Exploit
  • Issue Tracking
  • Vendor Advisory
https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html
  • Patch
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20220407-0009/
  • Third Party Advisory
N/A
  • Patch
  • Third Party Advisory
[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update
    [debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update

        1. Configuration 1

          cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
          Start including
          3.8.0
          End excliding
          3.8.11
          cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
          Start including
          3.7.0
          End excliding
          3.7.11
          cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
          Start including
          3.9.0
          End excliding
          3.9.6
          cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
          Start including
          3.6.0
          End excliding
          3.6.14

          Configuration 2

          cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
          cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
          cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
          cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*
          cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
          cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
          cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0:*:*:*:*:*:*:*
          cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*

          Configuration 3

          cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
          cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

          Configuration 4

          cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
          cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
          cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
          cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
          cpe:2.3:o:canonical:ubuntu_linux:21.04:*:*:*:*:*:*:*

          Configuration 5

          cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
          cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*
          cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*
          cpe:2.3:a:netapp:netapp_xcp_smb:-:*:*:*:*:*:*:*
          cpe:2.3:a:netapp:xcp_nfs:-:*:*:*:*:*:*:*

          Configuration 6

          cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*
          cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*
          cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*
      VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
      Version: v24.5.0
      Back to top