CVE-2021-3737

high

Description

A flaw was found in Python. An improperly handled HTTP response in the HTTP client code of Python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

References

https://github.com/python/cpython/pull/25916

https://bugzilla.redhat.com/show_bug.cgi?id=1995162

https://ubuntu.com/security/CVE-2021-3737

https://github.com/python/cpython/pull/26503

https://bugs.python.org/issue44022

https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html

https://security.netapp.com/advisory/ntap-20220407-0009/

https://www.oracle.com/security-alerts/cpujul2022.html

https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html

Details

Source: MITRE

Published: 2022-03-04

Updated: 2023-05-24

Type: CWE-400

Risk Information

CVSS v2

Base Score: 7.1

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 8.6

Severity: HIGH

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH