CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
87.3%
A flaw was found in python. An improperly handled HTTP response in the HTTP
client code of python may allow a remote attacker, who controls the HTTP
server, to make the client script enter an infinite loop, consuming CPU
time. The highest threat from this vulnerability is to system availability.
Author | Note |
---|---|
leosilva | impish/devel is not affected, code supposed affected was patched already. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | python3.4 | < 3.4.3-1ubuntu1~14.04.7+esm11 | UNKNOWN |
ubuntu | 14.04 | noarch | python3.5 | < 3.5.2-2ubuntu0~16.04.4~14.04.1+esm1 | UNKNOWN |
ubuntu | 16.04 | noarch | python3.5 | < 3.5.2-2ubuntu0~16.04.13+esm1 | UNKNOWN |
ubuntu | 18.04 | noarch | python3.6 | < 3.6.9-1~18.04ubuntu1.6 | UNKNOWN |
ubuntu | 18.04 | noarch | python3.7 | < 3.7.5-2ubuntu1~18.04.2 | UNKNOWN |
ubuntu | 18.04 | noarch | python3.8 | < 3.8.0-3ubuntu1~18.04.2 | UNKNOWN |
ubuntu | 20.04 | noarch | python3.8 | < 3.8.10-0ubuntu1~20.04.2 | UNKNOWN |
ubuntu | 20.04 | noarch | python3.9 | < 3.9.5-3ubuntu0~20.04.1 | UNKNOWN |
ubuntu | 21.04 | noarch | python3.9 | < 3.9.5-3ubuntu0~21.04.1 | UNKNOWN |
bugs.python.org/issue44022
github.com/python/cpython/commit/0389426fa4af4dfc8b1d7f3f291932d928392d8b (3.8 branch)
github.com/python/cpython/commit/078b146f062d212919d0ba25e34e658a8234aa63 (v3.7.11)
github.com/python/cpython/commit/1b6f4e5e13ebd1f957b47f7415b53d0869bdbac6 (v3.6.14
github.com/python/cpython/commit/5df4abd6b033a5f1e48945c6988b45e35e76f647 (v3.9.6)
github.com/python/cpython/commit/60ba0b68470a584103e28958d91e93a6db37ec92 (v3.10.0b2)
github.com/python/cpython/commit/98e5a7975d99b58d511f171816ecdfb13d5cca18 (v3.10.0b3)
github.com/python/cpython/commit/ea9327036680acc92d9f89eaf6f6a54d2f8d78d9 (v3.9.6)
github.com/python/cpython/commit/f396864ddfe914531b5856d7bf852808ebfc01ae (v3.8.11)
github.com/python/cpython/commit/f68d2d69f1da56c2aea1293ecf93ab69a6010ad7 (v3.6.14)
github.com/python/cpython/commit/fee96422e6f0056561cf74fef2012cc066c9db86 (v3.7.11)
github.com/python/cpython/pull/25916
github.com/python/cpython/pull/26503
launchpad.net/bugs/cve/CVE-2021-3737
nvd.nist.gov/vuln/detail/CVE-2021-3737
security-tracker.debian.org/tracker/CVE-2021-3737
ubuntu.com/security/notices/USN-5083-1
ubuntu.com/security/notices/USN-5199-1
ubuntu.com/security/notices/USN-5200-1
ubuntu.com/security/notices/USN-5201-1
ubuntu.com/security/notices/USN-6891-1
www.cve.org/CVERecord?id=CVE-2021-3737
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
87.3%