CVE-2021-3737
CVE-2021-3737 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A flaw was found in Python. An improperly handled HTTP response in the HTTP client code of Python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. EPSS estimates an 11.59% chance of exploitation in the next 30 days.
Description
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Python | Python | >= 3.6.0, < 3.6.14 |
| Python | Python | >= 3.7.0, < 3.7.11 |
| Python | Python | >= 3.8.0, < 3.8.11 |
| Python | Python | >= 3.9.0, < 3.9.6 |
| Redhat | Codeready Linux Builder | 8.0 |
| Redhat | Codeready Linux Builder For Ibm Z Systems | 8.0 |
| Redhat | Codeready Linux Builder For Power Little Endian | 8.0 |
| Redhat | Enterprise Linux | 6.0 |
| Redhat | Enterprise Linux | 7.0 |
| Redhat | Enterprise Linux | 8.0 |
| Redhat | Enterprise Linux For Ibm Z Systems | 8.0 |
| Redhat | Enterprise Linux For Power Little Endian | 8.0 |
| Fedoraproject | Fedora | 33 |
| Fedoraproject | Fedora | 34 |
| Canonical | Ubuntu Linux | 14.04 |
| Canonical | Ubuntu Linux | 16.04 |
| Canonical | Ubuntu Linux | 18.04 |
| Canonical | Ubuntu Linux | 20.04 |
| Canonical | Ubuntu Linux | 21.04 |
| Netapp | Hci | All versions |
| Netapp | Management Services For Element Software | All versions |
| Netapp | Netapp Xcp Smb | All versions |
| Netapp | Ontap Select Deploy Administration Utility | All versions |
| Netapp | Xcp Nfs | All versions |
| Oracle | Communications Cloud Native Core Binding Support Function | 22.1.3 |
| Oracle | Communications Cloud Native Core Network Exposure Function | 22.1.1 |
| Oracle | Communications Cloud Native Core Policy | 22.2.0 |
References
- https://bugs.python.org/issue44022 (Exploit, Issue Tracking, Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1995162 (Issue Tracking, Patch, Third Party Advisory)
- https://github.com/python/cpython/pull/25916 (Patch, Third Party Advisory)
- https://github.com/python/cpython/pull/26503 (Patch, Third Party Advisory)
- https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html (Patch, Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20220407-0009/ (Third Party Advisory)
- https://ubuntu.com/security/CVE-2021-3737 (Patch, Third Party Advisory)
- https://www.oracle.com/security-alerts/cpujul2022.html (Patch, Third Party Advisory)
Source: NVD / NIST
