BIT-python-2021-3737
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in Python. An improperly handled HTTP response in Python's HTTP client code may allow a remote attacker who controls the HTTP server to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | python | 3.6.0, 3.7.0, 3.8.0 |
Exploit Intelligence
- zephyr-crosstool-arm-grype.html (github-poc)
Timeline
- Mar 6, 2024 CVE Published
- Nov 6, 2025 CVE Updated
References
- https://bugs.python.org/issue44022
- https://bugzilla.redhat.com/show_bug.cgi?id=1995162
- https://github.com/python/cpython/pull/25916
- https://github.com/python/cpython/pull/26503
- https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html
- https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html
- https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html
- https://security.netapp.com/advisory/ntap-20220407-0009/
- https://ubuntu.com/security/CVE-2021-3737
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-3737
- https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html
- https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html