python python 未加控制的资源消耗（资源穷尽）

admin

0
文章

0
评论

2023-11-30 08:50:51 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

中危 python python 未加控制的资源消耗（资源穷尽）

CVE编号

CVE-2021-3737

利用情况

暂无

补丁情况

官方补丁

披露时间

2022-03-05

漏洞描述

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://bugs.python.org/issue44022
https://bugzilla.redhat.com/show_bug.cgi?id=1995162
https://github.com/python/cpython/pull/25916
https://github.com/python/cpython/pull/26503
https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html
https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html
https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html
https://security.netapp.com/advisory/ntap-20220407-0009/
https://ubuntu.com/security/CVE-2021-3737
https://www.oracle.com/security-alerts/cpujul2022.html

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	python	python	*	From (including) 3.6.0	Up to (excluding) 3.6.14
	运行在以下环境
	应用	python	python	*	From (including) 3.7.0	Up to (excluding) 3.7.11
	运行在以下环境
	应用	python	python	*	From (including) 3.8.0	Up to (excluding) 3.8.11
	运行在以下环境
	应用	python	python	*	From (including) 3.9.0	Up to (excluding) 3.9.6
	运行在以下环境
	应用	redhat	codeready_linux_builder	8.0	-
	运行在以下环境
	系统	amazon_2	python	*		Up to (excluding) 2.7.18-1.amzn2.0.5
	运行在以下环境
	系统	amazon_AMI	python27	*		Up to (excluding) 2.7.18-2.142.amzn1
	运行在以下环境
	系统	anolis_os_8	python3-idle	*		Up to (excluding) 3.4.2-13
	运行在以下环境
	系统	centos_8	python3-test	*		Up to (excluding) 3.6.8-45.el8
	运行在以下环境
	系统	debian_10	python2.7	*		Up to (excluding) 2.7.16-2+deb10u2
	运行在以下环境
	系统	debian_11	python2.7	*		Up to (including) 2.7.18-8+deb11u1
	运行在以下环境
	系统	debian_12	python3.9	*		Up to (including) 3.9.7-2
	运行在以下环境
	系统	debian_9	python3.5	*		Up to (excluding) 3.5.3-1+deb9u5
	运行在以下环境
	系统	debian_sid	python3.9	*		Up to (including) 3.9.7-2
	运行在以下环境
	系统	fedora_33	python2.7-debugsource	*		Up to (excluding) 2.7.18-15.fc33
	运行在以下环境
	系统	fedora_34	python2.7	*		Up to (excluding) 3.9.4-3.fc34
	运行在以下环境
	系统	fedora_35	python2.7-debugsource	*		Up to (excluding) 2.7.18-15.fc35
	运行在以下环境
	系统	fedora_36	python2.7	*		Up to (excluding) 2.7.18-15.fc36
	运行在以下环境
	系统	kylinos_aarch64_V10SP1	debug/python3-debuginfo	*		Up to (excluding) 3.7.9-20.p01.se.ky10
	运行在以下环境
	系统	kylinos_aarch64_V10SP2	debug/python3-debuginfo	*		Up to (excluding) 3.7.9-20.p02.se.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP1	debug/python3-debuginfo	*		Up to (excluding) 3.7.9-20.p02.se.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP2	debug/python3-debuginfo	*		Up to (excluding) 3.7.9-20.p02.se.ky10
	运行在以下环境
	系统	opensuse_Leap_15.2	python-base	*		Up to (excluding) 2.7.18-lp152.3.21.1
	运行在以下环境
	系统	opensuse_Leap_15.3	python3-tools	*		Up to (excluding) 3.9.10-150300.4.8.2
	运行在以下环境
	系统	opensuse_Leap_15.4	python39-dbm	*		Up to (excluding) 3.9.10-150300.4.8.2
	运行在以下环境
	系统	oracle_8	oraclelinux-release	*		Up to (excluding) 1.3.7-31.module+el8.5.0+20361+8a9d3d27
	运行在以下环境
	系统	redhat_8	python3-test	*		Up to (excluding) 3.6.8-45.el8
	运行在以下环境
	系统	suse_12_SP5	python36	*		Up to (excluding) 2.7.18-28.74.1
	运行在以下环境
	系统	ubuntu_18.04	python3.8	*		Up to (excluding) 3.7.5-2ubuntu1~18.04.2
	运行在以下环境
	系统	ubuntu_20.04	python3.8	*		Up to (excluding) 3.9.5-3ubuntu0~20.04.1
	运行在以下环境
	系统	ubuntu_21.04	python3.9	*		Up to (excluding) 3.9.5-3ubuntu0~21.04.1
	运行在以下环境
系统	unionos_d	python2.7	*		Up to (excluding) 3.7.3.13-1+dde