CVE-2021-3737
EUVD-2021-27013
04.03.2022, 19:15
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| python | python | 3.6.0 ≤ 𝑥 < 3.6.14 |
| python | python | 3.7.0 ≤ 𝑥 < 3.7.11 |
| python | python | 3.8.0 ≤ 𝑥 < 3.8.11 |
| python | python | 3.9.0 ≤ 𝑥 < 3.9.6 |
| redhat | codeready_linux_builder | 8.0 |
| redhat | codeready_linux_builder_for_ibm_z_systems | 8.0 |
| redhat | codeready_linux_builder_for_power_little_endian | 8.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0 |
| redhat | enterprise_linux_for_power_little_endian | 8.0 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 20.04 |
| canonical | ubuntu_linux | 21.04 |
| netapp | hci | - |
| netapp | management_services_for_element_software | - |
| netapp | netapp_xcp_smb | - |
| netapp | ontap_select_deploy_administration_utility | - |
| netapp | xcp_nfs | - |
| oracle | communications_cloud_native_core_binding_support_function | 22.1.3 |
| oracle | communications_cloud_native_core_network_exposure_function | 22.1.1 |
| oracle | communications_cloud_native_core_policy | 22.2.0 |
𝑥 = Vulnerable software versions
Ubuntu Releases
| Ubuntu Product |
|---|
| python3.10 |
| python3.4 |
| python3.5 |
| python3.6 |
| python3.7 |
| python3.8 |
| python3.9 |
Common Weakness Enumeration
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop'): The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
- CWE-400 - Uncontrolled Resource Consumption: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.