DEBIAN-CVE-2021-3733
- Source
- https://security-tracker.debian.org/tracker/DEBIAN-CVE-2021-3733
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2021-3733.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2021-3733
- Upstream
- Published
- 2022-03-10T17:42:59Z
- Modified
- 2025-09-19T07:31:43.346958Z
- Summary
- [none]
- Details
-
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.
- References
Affected packages
Debian:11 / pypy3
Package
- Name
- pypy3
- Purl
- pkg:deb/debian/pypy3?arch=source
Debian:12 / pypy3
Package
- Name
- pypy3
- Purl
- pkg:deb/debian/pypy3?arch=source
Debian:13 / pypy3
Package
- Name
- pypy3
- Purl
- pkg:deb/debian/pypy3?arch=source
Debian:14 / pypy3
Package
- Name
- pypy3
- Purl
- pkg:deb/debian/pypy3?arch=source
Debian:11 / python3.9
Package
- Name
- python3.9
- Purl
- pkg:deb/debian/python3.9?arch=source