ALT-PU-2021-3010-1
Closed vulnerabilities
BDU:2022-05830
Уязвимость компонента urllib интерпретатора языка программирования Python, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-05838
Уязвимость класса AbstractBasicAuthHandler компонента urllib.request интерпретатора языка программирования Python, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2021-3733
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.
- https://bugs.python.org/issue43075
- https://bugs.python.org/issue43075
- https://bugzilla.redhat.com/show_bug.cgi?id=1995234
- https://bugzilla.redhat.com/show_bug.cgi?id=1995234
- https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb
- https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb
- https://github.com/python/cpython/pull/24391
- https://github.com/python/cpython/pull/24391
- [debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update
- [debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update
- [debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update
- [debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update
- https://security.netapp.com/advisory/ntap-20220407-0001/
- https://security.netapp.com/advisory/ntap-20220407-0001/
- https://ubuntu.com/security/CVE-2021-3733
- https://ubuntu.com/security/CVE-2021-3733
Modified: 2024-11-21
CVE-2021-3737
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
- https://bugs.python.org/issue44022
- https://bugs.python.org/issue44022
- https://bugzilla.redhat.com/show_bug.cgi?id=1995162
- https://bugzilla.redhat.com/show_bug.cgi?id=1995162
- https://github.com/python/cpython/pull/25916
- https://github.com/python/cpython/pull/25916
- https://github.com/python/cpython/pull/26503
- https://github.com/python/cpython/pull/26503
- [debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update
- [debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update
- [debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update
- [debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update
- https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html
- https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html
- https://security.netapp.com/advisory/ntap-20220407-0009/
- https://security.netapp.com/advisory/ntap-20220407-0009/
- https://ubuntu.com/security/CVE-2021-3737
- https://ubuntu.com/security/CVE-2021-3737
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html