CVE-2021-3737

Severity: 7.5 HIGH
EPSS: 0.1% (top 69.18%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 4, latest update Jul 11

Description

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (10 packages)

Source      Package         Affected / fixed versions
NVD         python/python   3.6.0 up to 3.6.14 (+3 more ranges)
Debian      python3.9       < 3.9.2-1+deb11u2
Ubuntu      python3.4       < 3.4.3-1ubuntu1~14.04.7+esm11
Ubuntu      python3.5       < 3.5.2-2ubuntu0~16.04.13+esm1
CVEListV5   python          Fixed in python v3.6.14, python v3.7.11, python v3.8.11, python v3.9.6, python v3.10.0b2

Also affects: Enterprise Linux 6.0, 7.0, 8.0, Fedora 33, 34, Ubuntu Linux 14.04, 16.04, 18.04, 20.04, 21.04

Patches

Vulnerability Details (5)

Source    Entry                                                  Date
GHSA      GHSA-hr7v-m862-8hh8: A flaw was found in python        2022-05-24
CVEList   CVE-2021-3737: A flaw was found in python              2022-03-04
OSV       CVE-2021-3737: A flaw was found in python              2022-03-04
OSV       python3.6 vulnerabilities                              2021-12-17
OSV       python3.4, python3.5 vulnerabilities                   2021-09-16

Vendor Advisories (9)

Vendor      Advisory                                                                                     Date
Ubuntu      Python vulnerabilities                                                                       2024-07-11
Oracle      Oracle Database Server Risk Matrix: Oracle Database - Machine Learning for Python (Python) — CVE-2021-3737    2023-01-15
Microsoft   A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker who controls the HTTP server to make the client script enter an infinite l    2022-03-08
Ubuntu      Python vulnerabilities                                                                       2021-12-17
Ubuntu      Python vulnerabilities                                                                       2021-12-17