Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2021-3737

Опубликовано: 04 мар. 2022
Источник: debian
EPSS Низкий

Описание

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
python3.9fixed3.9.6-1experimentalpackage
python3.9fixed3.9.7-1package
python3.7removedpackage
python3.5removedpackage
python3.4removedpackage
python2.7removedpackage
python2.7ignoredbullseyepackage
pypy3fixed7.3.8+dfsg-1package
pypy3no-dsabusterpackage

Примечания

  • https://bugs.python.org/issue44022

  • https://github.com/python/cpython/pull/25916

  • https://github.com/python/cpython/pull/26503

  • https://github.com/python/cpython/commit/60ba0b68470a584103e28958d91e93a6db37ec92 (v3.10.0b2)

  • https://github.com/python/cpython/commit/ea9327036680acc92d9f89eaf6f6a54d2f8d78d9 (v3.9.6)

  • https://github.com/python/cpython/commit/f396864ddfe914531b5856d7bf852808ebfc01ae (v3.8.11)

  • https://github.com/python/cpython/commit/078b146f062d212919d0ba25e34e658a8234aa63 (v3.7.11)

  • https://github.com/python/cpython/commit/f68d2d69f1da56c2aea1293ecf93ab69a6010ad7 (v3.6.14)

  • Needs the "Improve the regression test" followup:

  • https://github.com/python/cpython/commit/98e5a7975d99b58d511f171816ecdfb13d5cca18 (v3.10.0b3)

  • https://github.com/python/cpython/commit/5df4abd6b033a5f1e48945c6988b45e35e76f647 (v3.9.6)

  • https://github.com/python/cpython/commit/0389426fa4af4dfc8b1d7f3f291932d928392d8b (3.8 branch)

  • https://github.com/python/cpython/commit/fee96422e6f0056561cf74fef2012cc066c9db86 (v3.7.11)

  • https://github.com/python/cpython/commit/1b6f4e5e13ebd1f957b47f7415b53d0869bdbac6 (v3.6.14

EPSS

Процентиль: 47%
0.00243
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2021-3737

CVSS3: 7.5
ubuntu
больше 3 лет назад

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

redhat логотип

CVE-2021-3737

CVSS3: 6.5
redhat
больше 4 лет назад

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

nvd логотип

CVE-2021-3737

CVSS3: 7.5
nvd
больше 3 лет назад

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

msrc логотип

CVE-2021-3737

CVSS3: 7.5
msrc
больше 3 лет назад

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker who controls the HTTP server to make the client script enter an infinite loop consuming CPU time. The highest threat from this vulnerability is to system availability.

github логотип

GHSA-hr7v-m862-8hh8

CVSS3: 7.5
github
больше 3 лет назад

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

EPSS

Процентиль: 47%
0.00243
Низкий