Description

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

Related CPE's

a

python

python

4

a

redhat

codeready_linux_builder

8.0

Vulnerable

a

redhat

codeready_linux_builder_for_ibm_z_systems

8.0

Vulnerable

a

redhat

codeready_linux_builder_for_power_little_endian

8.0

Vulnerable

o

redhat

enterprise_linux

3

o

redhat

enterprise_linux_for_ibm_z_systems

8.0

Vulnerable

o

redhat

enterprise_linux_for_power_little_endian

8.0

Vulnerable

o

fedoraproject

fedora

2

o

canonical

ubuntu_linux

5

a

netapp

hci

-

Vulnerable

a

netapp

management_services_for_element_software

-

Vulnerable

a

netapp

netapp_xcp_smb

-

Vulnerable

a

netapp

ontap_select_deploy_administration_utility

-

Vulnerable

a

netapp

xcp_nfs

-

Vulnerable

a

oracle

communications_cloud_native_core_binding_support_function

22.1.3

Vulnerable

a

oracle

communications_cloud_native_core_network_exposure_function

22.1.1

Vulnerable

a

oracle

communications_cloud_native_core_policy

22.2.0

Vulnerable

References

https://bugs.python.org/issue44022

ExploitIssue TrackingVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1995162

Issue TrackingPatchThird Party Advisory

https://github.com/python/cpython/pull/25916

PatchThird Party Advisory

https://github.com/python/cpython/pull/26503

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html

https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html

https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html

PatchThird Party Advisory

https://security.netapp.com/advisory/ntap-20220407-0009/

Third Party Advisory

https://ubuntu.com/security/CVE-2021-3737

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

PatchThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-400CWE-835

[email protected]

Secondary
CWE-835

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-03-04T19:15:08.730

3 years ago

Last modified

2023-11-07T03:38:13.837

1 year ago