BIT-python-2021-3737

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/python/BIT-python-2021-3737.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-python-2021-3737

Aliases

CVE-2021-3737
PSF-2022-7

Published

2024-03-06T11:06:04.065Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

References

https://bugs.python.org/issue44022
https://bugzilla.redhat.com/show_bug.cgi?id=1995162
https://github.com/python/cpython/pull/25916
https://github.com/python/cpython/pull/26503
https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html
https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html
https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html
https://security.netapp.com/advisory/ntap-20220407-0009/
https://ubuntu.com/security/CVE-2021-3737
https://www.oracle.com/security-alerts/cpujul2022.html

Affected packages

Bitnami / python

Package

Name: python
Purl: pkg:bitnami/python

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

3.6.0

Fixed

3.6.14

Introduced

3.7.0

Fixed

3.7.11

Introduced

3.8.0

Fixed

3.8.11

Introduced

3.9.0

Fixed

3.9.6