CVE-2021-3737
04.03.2022, 19:15
A flaw was found in Python. An improperly handled HTTP response in Python's HTTP client code may allow a remote attacker who controls the HTTP server to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
| Vendor | Product | Version |
|---|---|---|
| python | python | 3.6.0 ≤ 𝑥 < 3.6.14 |
| python | python | 3.7.0 ≤ 𝑥 < 3.7.11 |
| python | python | 3.8.0 ≤ 𝑥 < 3.8.11 |
| python | python | 3.9.0 ≤ 𝑥 < 3.9.6 |
| redhat | codeready_linux_builder | 8.0 |
| redhat | codeready_linux_builder_for_ibm_z_systems | 8.0 |
| redhat | codeready_linux_builder_for_power_little_endian | 8.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0 |
| redhat | enterprise_linux_for_power_little_endian | 8.0 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 20.04 |
| canonical | ubuntu_linux | 21.04 |
| netapp | hci | - |
| netapp | management_services_for_element_software | - |
| netapp | netapp_xcp_smb | - |
| netapp | ontap_select_deploy_administration_utility | - |
| netapp | xcp_nfs | - |
| oracle | communications_cloud_native_core_binding_support_function | 22.1.3 |
| oracle | communications_cloud_native_core_network_exposure_function | 22.1.1 |
| oracle | communications_cloud_native_core_policy | 22.2.0 |
𝑥 = Vulnerable software versions
Ubuntu Releases
| Ubuntu Product |
|---|
| python3.10 |
| python3.4 |
| python3.5 |
| python3.6 |
| python3.7 |
| python3.8 |
| python3.9 |
Common Weakness Enumeration
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop'): The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
- CWE-400 - Uncontrolled Resource Consumption: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.