First published: Mon Aug 09 2021(Updated: )
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/python3 | <0:3.6.8-45.el8 | 0:3.6.8-45.el8 |
redhat/python27-python | <0:2.7.18-4.el7 | 0:2.7.18-4.el7 |
redhat/python | <3.6.14 | 3.6.14 |
redhat/python | <3.7.11 | 3.7.11 |
redhat/python | <3.8.11 | 3.8.11 |
redhat/python | <3.9.6 | 3.9.6 |
Python Python | >=3.6.0<3.6.14 | |
Python Python | >=3.7.0<3.7.11 | |
Python Python | >=3.8.0<3.8.11 | |
Python Python | >=3.9.0<3.9.6 | |
Redhat Codeready Linux Builder | =8.0 | |
Redhat Codeready Linux Builder For Ibm Z Systems | =8.0 | |
Redhat Codeready Linux Builder For Power Little Endian | =8.0 | |
Redhat Enterprise Linux | =6.0 | |
Redhat Enterprise Linux | =7.0 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux For Ibm Z Systems | =8.0 | |
Redhat Enterprise Linux For Power Little Endian | =8.0 | |
Fedoraproject Fedora | =33 | |
Fedoraproject Fedora | =34 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =20.04 | |
Canonical Ubuntu Linux | =21.04 | |
Netapp Hci | ||
Netapp Management Services For Element Software | ||
Netapp Netapp Xcp Smb | ||
NetApp ONTAP Select Deploy administration utility | ||
Netapp Xcp Nfs | ||
Oracle Communications Cloud Native Core Binding Support Function | =22.1.3 | |
Oracle Communications Cloud Native Core Network Exposure Function | =22.1.1 | |
Oracle Communications Cloud Native Core Policy | =22.2.0 | |
IBM Cognos Analytics 11.2.x | <=IBM Cognos Analytics 11.2.x | |
IBM Cognos Analytics 11.1.x | <=IBM Cognos Analytics 11.1.x | |
debian/pypy3 | <=7.3.5+dfsg-2+deb11u2 | 7.3.5+dfsg-2+deb11u4 7.3.11+dfsg-2+deb12u2 7.3.17+dfsg-3 |
debian/python2.7 | <=2.7.18-8+deb11u1 | |
debian/python3.9 | <=3.9.2-1 | 3.9.2-1+deb11u2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
CVE-2021-3737 is a vulnerability in Python that allows a remote attacker to cause a denial of service by making the client script enter an infinite loop.
The severity of CVE-2021-3737 is high with a CVSS score of 7.5.
CVE-2021-3737 affects Python versions 3.6.0 to 3.6.14, 3.7.0 to 3.7.11, 3.8.0 to 3.8.11, and 3.9.0 to 3.9.6.
To fix CVE-2021-3737, update Python to version 3.6.15, 3.7.12, 3.8.12, or 3.9.7, depending on your installed version.
You can find more information about CVE-2021-3737 on the official Python bug tracker and GitHub repository.