{
  "threat_severity" : "Low",
  "public_date" : "2021-08-09T00:00:00Z",
  "bugzilla" : {
    "description" : "python: urllib: HTTP client possible infinite loop on a 100 Continue response",
    "id" : "1995162",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1995162"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-835->CWE-400",
  "details" : [ "A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.", "A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability." ],
  "statement" : "Given the flaw is in the client side and it requires automatically connecting to a compromised but trusted server or manually connecting to a malicious server, the Impact of this flaw has been set to Low. It requires indeed unlikely circumstances to be exploited and when it is it is enough to stop the client or restart it.\nThis issue did not affect the versions of rh-python38-python as shipped with Red Hat Software Collections 3 as they already contain the patch.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-11-09T00:00:00Z",
    "advisory" : "RHSA-2021:4160",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "python39:3.9-8050020210811100211.d428a79b"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-11-09T00:00:00Z",
    "advisory" : "RHSA-2021:4160",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "python39-devel:3.9-8050020210811100211.d428a79b"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-05-10T00:00:00Z",
    "advisory" : "RHSA-2022:1764",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "python38:3.8-8060020220120164031.5294be16"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-05-10T00:00:00Z",
    "advisory" : "RHSA-2022:1764",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "python38-devel:3.8-8060020220120164031.5294be16"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-05-10T00:00:00Z",
    "advisory" : "RHSA-2022:1821",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "python27:2.7-8060020220210185952.8cdc2268"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-05-10T00:00:00Z",
    "advisory" : "RHSA-2022:1986",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "python3-0:3.6.8-45.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-05-10T00:00:00Z",
    "advisory" : "RHSA-2022:1986",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "python3-0:3.6.8-45.el8"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7",
    "release_date" : "2022-05-02T00:00:00Z",
    "advisory" : "RHSA-2022:1663",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "python27-python-0:2.7.18-4.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "python",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "python",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "python3",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "gimp:flatpak/python2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "inkscape:flatpak/python2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "python36:3.6/python36",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "python3.9",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Not affected",
    "package_name" : "rh-python38-python",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-3737\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3737" ],
  "name" : "CVE-2021-3737",
  "csaw" : false
}