Fluid Attacks Database

Description

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	pypy3	>=0 <7.3.8+dfsg-1	7.3.8+dfsg-1
debian 13	pypy3	>=0 <7.3.8+dfsg-1	7.3.8+dfsg-1
debian 14	pypy3	>=0 <7.3.8+dfsg-1	7.3.8+dfsg-1
debian 11	python2.7	=2.7.18-10 \|\| =2.7.18-11 \|\| =2.7.18-12 \|\| =2.7.18-13 \|\| =2.7.18-13.1 \|\| =2.7.18-13.1~exp1 \|\| =2.7.18-13.2 \|\| =2.7.18-8 \|\| =2.7.18-8+deb11u1 \|\| =2.7.18-9	-
debian 11	python3.9	=3.9.2-1 \|\| =3.9.2-1+deb11u1 \|\| >=0 <3.9.2-1+deb11u2	3.9.2-1+deb11u2
debian 11	pypy3	=7.3.5+dfsg-2 \|\| =7.3.5+dfsg-2+deb11u1 \|\| =7.3.5+dfsg-2+deb11u2 \|\| =7.3.5+dfsg-2+deb11u3 \|\| >=0 <7.3.5+dfsg-2+deb11u4	7.3.5+dfsg-2+deb11u4
rpm rhel8	python36	-	-
rpm rhel7	python	-	-
rpm rhel7	python3	-	-
rpm rhel8	python3	<0:3.6.8-45.el8	0:3.6.8-45.el8

1-10 of 15

Aliases

1. CVE-2021-37372. NVD-2021-37373. OSV-DEBIAN-2021-37374. OSV-2021-37375. SECURITY-TRACKER-CVE-2021-3737

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.