Описание
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
Отчет
Given the flaw is in the client side and it requires automatically connecting to a compromised but trusted server or manually connecting to a malicious server, the Impact of this flaw has been set to Low. It requires indeed unlikely circumstances to be exploited and when it is it is enough to stop the client or restart it. This issue did not affect the versions of rh-python38-python as shipped with Red Hat Software Collections 3 as they already contain the patch.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | python | Out of support scope | ||
| Red Hat Enterprise Linux 7 | python | Fix deferred | ||
| Red Hat Enterprise Linux 7 | python3 | Out of support scope | ||
| Red Hat Enterprise Linux 8 | gimp:flatpak/python2 | Fix deferred | ||
| Red Hat Enterprise Linux 8 | inkscape:flatpak/python2 | Fix deferred | ||
| Red Hat Enterprise Linux 8 | python36:3.6/python36 | Affected | ||
| Red Hat Enterprise Linux 9 | python3.9 | Not affected | ||
| Red Hat Software Collections | rh-python38-python | Not affected | ||
| Red Hat Enterprise Linux 8 | python39 | Fixed | RHSA-2021:4160 | 09.11.2021 |
| Red Hat Enterprise Linux 8 | python39-devel | Fixed | RHSA-2021:4160 | 09.11.2021 |
Показывать по
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
A flaw was found in python. An improperly handled HTTP response in the ...
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
6.5 Medium
CVSS3