Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!Close

CVE-2021-3737

Published: 31 August 2021

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

Notes

AuthorNote
leosilva
impish/devel is not affected, code supposed affected was patched already.

Priority

Medium

Cvss 3 Severity Score

7.5

Score breakdown

Status

Package Release Status
python3.10
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Ignored
(end of life)
impish Not vulnerable

jammy Not vulnerable

lunar Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored
(end of standard support)
kinetic Not vulnerable

mantic Does not exist

python3.4
Launchpad, Ubuntu, Debian
impish Does not exist

jammy Does not exist

lunar Does not exist

bionic Does not exist

focal Does not exist

hirsute Does not exist

upstream Needs triage

xenial Ignored
(end of standard support)
trusty
Released (3.4.3-1ubuntu1~14.04.7+esm11)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
kinetic Does not exist

mantic Does not exist

python3.5
Launchpad, Ubuntu, Debian
hirsute Does not exist

impish Does not exist

jammy Does not exist

lunar Does not exist

trusty Needed

bionic Does not exist

focal Does not exist

upstream Needs triage

xenial
Released (3.5.2-2ubuntu0~16.04.13+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
kinetic Does not exist

mantic Does not exist

python3.6
Launchpad, Ubuntu, Debian
bionic
Released (3.6.9-1~18.04ubuntu1.6)
focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

lunar Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored
(end of standard support)
kinetic Does not exist

mantic Does not exist

python3.7
Launchpad, Ubuntu, Debian
impish Does not exist

jammy Does not exist

lunar Does not exist

focal Does not exist

hirsute Does not exist

trusty Does not exist

xenial Ignored
(end of standard support)
bionic
Released (3.7.5-2ubuntu1~18.04.2)
upstream Needs triage

kinetic Does not exist

mantic Does not exist

python3.8
Launchpad, Ubuntu, Debian
bionic
Released (3.8.0-3ubuntu1~18.04.2)
focal
Released (3.8.10-0ubuntu1~20.04.2)
hirsute Does not exist

impish Does not exist

jammy Does not exist

lunar Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored
(end of standard support)
kinetic Does not exist

mantic Does not exist

python3.9
Launchpad, Ubuntu, Debian
impish Not vulnerable

jammy Does not exist

lunar Does not exist

bionic Does not exist

focal
Released (3.9.5-3ubuntu0~20.04.1)
trusty Does not exist

xenial Ignored
(end of standard support)
upstream Needs triage

hirsute
Released (3.9.5-3ubuntu0~21.04.1)
kinetic Does not exist

mantic Does not exist

Severity score breakdown

Parameter Value
Base score 7.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H