CVE-2021-3737

7.5 HIGH

Published: March 04, 2022 Modified: December 17, 2025

Description

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://bugs.python.org/issue44022

Source: secalert@redhat.com

Exploit Issue Tracking Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1995162

Source: secalert@redhat.com

Issue Tracking Patch Third Party Advisory

https://github.com/python/cpython/pull/25916

Source: secalert@redhat.com

Patch Third Party Advisory

https://github.com/python/cpython/pull/26503

Source: secalert@redhat.com

Patch Third Party Advisory

https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html

Source: secalert@redhat.com

https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html

Source: secalert@redhat.com

https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html

Source: secalert@redhat.com

Patch Third Party Advisory

https://security.netapp.com/advisory/ntap-20220407-0009/

Source: secalert@redhat.com

Third Party Advisory

https://ubuntu.com/security/CVE-2021-3737

Source: secalert@redhat.com

Patch Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Source: secalert@redhat.com

Patch Third Party Advisory

https://bugs.python.org/issue44022

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit Issue Tracking Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1995162

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking Patch Third Party Advisory

https://github.com/python/cpython/pull/25916

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Third Party Advisory

https://github.com/python/cpython/pull/26503

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Third Party Advisory

https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Third Party Advisory

https://security.netapp.com/advisory/ntap-20220407-0009/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://ubuntu.com/security/CVE-2021-3737

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Third Party Advisory

22 reference(s) from NVD

Quick Stats

CVSS v3 Score

7.5 / 10.0

EPSS (Exploit Probability)

0.2%

38th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-835 CWE-400 CWE-835

Affected Vendors

redhat canonical python fedoraproject netapp oracle

Related CVEs

CVE-2025-52691 10.0

CVE-2025-15168 7.3

CVE-2025-15167 7.3

CVE-2025-15166 7.3

CVE-2025-15165 7.3