A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
References
Link | Resource |
---|---|
https://bugs.python.org/issue44022 | Exploit Issue Tracking Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1995162 | Issue Tracking Patch Third Party Advisory |
https://github.com/python/cpython/pull/25916 | Patch Third Party Advisory |
https://github.com/python/cpython/pull/26503 | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html | |
https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html | |
https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html | Patch Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220407-0009/ | Third Party Advisory |
https://ubuntu.com/security/CVE-2021-3737 | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
30 Jun 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 May 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Feb 2023, 17:07
Type | Values Removed | Values Added |
---|---|---|
First Time |
Oracle communications Cloud Native Core Policy
Oracle communications Cloud Native Core Binding Support Function Oracle Oracle communications Cloud Native Core Network Exposure Function |
|
CPE | cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:* |
|
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory |
25 Jul 2022, 18:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Jul 2022, 14:04
Type | Values Removed | Values Added |
---|---|---|
First Time |
Netapp xcp Nfs
Netapp Netapp netapp Xcp Smb Netapp ontap Select Deploy Administration Utility Netapp management Services For Element Software Netapp hci |
|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220407-0009/ - Third Party Advisory | |
CPE | cpe:2.3:o:redhat:codeready_linux_builder_for_ibm_z_systems:8.0:*:*:*:*:*:*:* |
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:8.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:xcp_nfs:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:netapp_xcp_smb:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:* |
08 Apr 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Mar 2022, 17:01
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:21.04:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:redhat:codeready_linux_builder_for_ibm_z_systems:8.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:* cpe:2.3:a:python:python:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:codeready_linux_builder_for_power_little_endian:8.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 7.1
v3 : 7.5 |
CWE | CWE-400 CWE-835 |
|
First Time |
Python python
Redhat codeready Linux Builder Redhat enterprise Linux For Power Little Endian Fedoraproject Redhat codeready Linux Builder For Ibm Z Systems Canonical ubuntu Linux Fedoraproject fedora Redhat enterprise Linux Canonical Python Redhat enterprise Linux For Ibm Z Systems Redhat codeready Linux Builder For Power Little Endian Redhat |
|
References | (MISC) https://github.com/python/cpython/pull/25916 - Patch, Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1995162 - Issue Tracking, Patch, Third Party Advisory | |
References | (MISC) https://ubuntu.com/security/CVE-2021-3737 - Patch, Third Party Advisory | |
References | (MISC) https://bugs.python.org/issue44022 - Exploit, Issue Tracking, Vendor Advisory | |
References | (MISC) https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html - Patch, Third Party Advisory | |
References | (MISC) https://github.com/python/cpython/pull/26503 - Patch, Third Party Advisory |
10 Mar 2022, 17:43
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Mar 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-04 19:15
Updated : 2023-12-10 14:22
NVD link : CVE-2021-3737
Mitre link : CVE-2021-3737
CVE.ORG link : CVE-2021-3737
JSON object : View
Products Affected
netapp
- xcp_nfs
- management_services_for_element_software
- hci
- ontap_select_deploy_administration_utility
- netapp_xcp_smb
oracle
- communications_cloud_native_core_binding_support_function
- communications_cloud_native_core_policy
- communications_cloud_native_core_network_exposure_function
redhat
- codeready_linux_builder_for_power_little_endian
- codeready_linux_builder
- enterprise_linux
- enterprise_linux_for_power_little_endian
- codeready_linux_builder_for_ibm_z_systems
- enterprise_linux_for_ibm_z_systems
python
- python
canonical
- ubuntu_linux
fedoraproject
- fedora