CVE-2021-3737 Information

Jun 07, 2022 cve

Description

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker who controls the HTTP server to make the client script enter an infinite loop consuming CPU time. The highest threat from this vulnerability is to system availability.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://github.com/python/cpython/pull/25916 https://bugzilla.redhat.com/show_bug.cgi?id=1995162 https://ubuntu.com/security/CVE-2021-3737 https://github.com/python/cpython/pull/26503 https://bugs.python.org/issue44022 https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html https://security.netapp.com/advisory/ntap-20220407-0009/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5

Share on: