A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:M/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Canonical
  • Ubuntu Linux
Fedoraproject
  • Fedora
Netapp
  • Hci
  • Management Services For Element Software
  • Netapp Xcp Smb
  • Ontap Select Deploy Administration Utility
  • Xcp Nfs
Oracle
  • Communications Cloud Native Core Binding Support Function
  • Communications Cloud Native Core Network Exposure Function
  • Communications Cloud Native Core Policy
Python
  • Python
Redhat
  • Codeready Linux Builder
  • Codeready Linux Builder For Ibm Z Systems
  • Codeready Linux Builder For Power Little Endian
  • Enterprise Linux
  • Enterprise Linux For Ibm Z Systems
  • Enterprise Linux For Power Little Endian
  • Rhel Software Collections

Configuration 1 [-]

OR cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:21.04:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:netapp_xcp_smb:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:xcp_nfs:-:*:*:*:*:*:*:*

Configuration 6 [-]

OR cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
python39:3.9-8050020210811100211.d428a79b cpe:/a:redhat:enterprise_linux:8 RHSA-2021:4160 2021-11-09T00:00:00Z
python39-devel:3.9-8050020210811100211.d428a79b cpe:/a:redhat:enterprise_linux:8 RHSA-2021:4160 2021-11-09T00:00:00Z
python38:3.8-8060020220120164031.5294be16 cpe:/a:redhat:enterprise_linux:8 RHSA-2022:1764 2022-05-10T00:00:00Z
python38-devel:3.8-8060020220120164031.5294be16 cpe:/a:redhat:enterprise_linux:8 RHSA-2022:1764 2022-05-10T00:00:00Z
python27:2.7-8060020220210185952.8cdc2268 cpe:/a:redhat:enterprise_linux:8 RHSA-2022:1821 2022-05-10T00:00:00Z
python3-0:3.6.8-45.el8 cpe:/a:redhat:enterprise_linux:8 RHSA-2022:1986 2022-05-10T00:00:00Z
python3-0:3.6.8-45.el8 cpe:/o:redhat:enterprise_linux:8 RHSA-2022:1986 2022-05-10T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7
python27-python-0:2.7.18-4.el7 cpe:/a:redhat:rhel_software_collections:3::el7 RHSA-2022:1663 2022-05-02T00:00:00Z
References
Link Providers
https://bugs.python.org/issue44022 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=1995162 cve-icon cve-icon
https://github.com/python/cpython/pull/25916 cve-icon cve-icon
https://github.com/python/cpython/pull/26503 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2021-3737 cve-icon
https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20220407-0009/ cve-icon cve-icon
https://ubuntu.com/security/CVE-2021-3737 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2021-3737 cve-icon
https://www.oracle.com/security-alerts/cpujul2022.html cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-03-04T00:00:00

Updated: 2024-08-03T17:01:08.326Z

Reserved: 2021-08-26T00:00:00

Link: CVE-2021-3737

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-03-04T19:15:08.730

Modified: 2023-11-07T03:38:13.837

Link: CVE-2021-3737

cve-icon Redhat

Severity : Low

Publid Date: 2021-08-09T00:00:00Z

Links: CVE-2021-3737 - Bugzilla