CVE-2021-3737

high

Description

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

References

Advisories
More

https://www.oracle.com/security-alerts/cpujul2022.html

https://ubuntu.com/security/CVE-2021-3737

https://security.netapp.com/advisory/ntap-20220407-0009/

https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html

https://github.com/python/cpython/pull/26503

https://github.com/python/cpython/pull/25916

https://bugzilla.redhat.com/show_bug.cgi?id=1995162

https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html

https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html

https://bugs.python.org/issue44022

Details

Source: Mitre, NVD

Published: 2022-03-04

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.0012