Description
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
References (12)
Core 12
Core References
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html
Exploit, Issue Tracking, Vendor Advisory
https://bugs.python.org/issue44022
Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1995162
Patch, Third Party Advisory
https://github.com/python/cpython/pull/25916
Patch, Third Party Advisory
https://github.com/python/cpython/pull/26503
Patch, Third Party Advisory
https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220407-0009/
Patch, Third Party Advisory
https://ubuntu.com/security/CVE-2021-3737
Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
Scores
CVSS v3
7.5
EPSS
0.0012
EPSS Percentile
30.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-400
CWE-835
Status
published
Products (24)
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
canonical/ubuntu_linux
20.04
canonical/ubuntu_linux
21.04
fedoraproject/fedora
33
fedoraproject/fedora
34
netapp/hci
netapp/management_services_for_element_software
netapp/netapp_xcp_smb
... and 14 more
Published
Mar 04, 2022
Tracked Since
Feb 18, 2026