Veracode Vulnerability DatabaseVERACODE:33513Denial Of Service (DoS)
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
python3 is vulnerable to denial of service. The vulnerability exists because the ftplib is using the host from the PASV response which allows an attacker to cause an application crash.
References
access.redhat.com/security/cve/CVE-2021-4189
bugs.python.org/issue43285
bugzilla.redhat.com/show_bug.cgi?id=2036020
github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e
python-security.readthedocs.io/vuln/ftplib-pasv.html
security-tracker.debian.org/tracker/CVE-2021-4189
security.netapp.com/advisory/ntap-20221104-0004/
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N