#VU58295 Resource management error in Python - CVE-2021-3733


Vulnerability identifier: #VU58295

Vulnerability risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3733

CWE-ID: CWE-399

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Python
Universal components / Libraries / Scripting languages

Vendor: Python.org

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application within the AbstractBasicAuthHandler class in urllib. A remote attacker with control over the server can perform regular expression denial of service attack during authentication.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Python: 3.6 - 3.6.13, 3.7 - 3.7.10, 3.8 - 3.8.9, 3.9.0b4 - 3.9.4

External links
https://bugzilla.redhat.com/show_bug.cgi?id=1995234

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell OpenManage Network Integration (OMNI)
Ubuntu update for python3.10
Multiple vulnerabilities in Dell EMC Enterprise SONiC
Multiple vulnerabilities in Dell PowerStore Family
Multiple vulnerabilities in Dell Unity, Dell UnityVSA, and Dell Unity XT
Multiple vulnerabilities in IBM QRadar SIEM
Resource management error in IBM Tivoli Application Dependency Discovery Manager
Multiple vulnerabilities in IBM Cloud Pak for Security (CP4S)
Multiple vulnerabilities in IBM Cognos Analytics
Multiple vulnerabilities in IBM Sterling Control Center