Vulnerability CVE-2021-3737: Information
Description
A flaw was found in Python. An improperly handled HTTP response in Python's HTTP client code may allow a remote attacker who controls the HTTP server to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Published: March 4, 2022
Modified: Nov. 7, 2023
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
python | sisyphus | 2.7.18-alt8 | 2.7.18-alt11 | ALT-PU-2021-3010-1 | 286676 | Fixed |
python | sisyphus_e2k | 2.7.18-alt8 | 2.7.18-alt11 | ALT-PU-2022-3615-1 | - | Fixed |
python | p10 | 2.7.18-alt10 | 2.7.18-alt10 | ALT-PU-2022-3044-1 | 309289 | Fixed |
python | p10_e2k | 2.7.18-alt10 | 2.7.18-alt10 | ALT-PU-2022-7062-1 | - | Fixed |
python | c10f1 | 2.7.18-alt10 | 2.7.18-alt10 | ALT-PU-2022-3044-1 | 309289 | Fixed |
python3 | sisyphus | 3.9.6-alt1 | 3.12.2-alt1 | ALT-PU-2021-2084-1 | 276295 | Fixed |
python3 | p10 | 3.9.6-alt1 | 3.9.18-alt1 | ALT-PU-2021-2084-1 | 276295 | Fixed |
python3 | p9 | 3.7.11-alt1 | 3.7.17-alt1 | ALT-PU-2021-2653-1 | 273501 | Fixed |
python3 | c10f1 | 3.9.6-alt1 | 3.9.18-alt0.c10f1.1 | ALT-PU-2021-2084-1 | 276295 | Fixed |
python3 | c9f2 | 3.7.17-alt1 | 3.7.17-alt1 | ALT-PU-2024-3474-2 | 342077 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://github.com/python/cpython/pull/25916 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1995162 | |
https://ubuntu.com/security/CVE-2021-3737 | |
https://github.com/python/cpython/pull/26503 | |
https://bugs.python.org/issue44022 | |
https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html | |
https://security.netapp.com/advisory/ntap-20220407-0009/ | |
N/A | |
[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update | |
[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update | |