CVE-2021-3733
Description
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as a web browser) connects to could trigger a Regular Expression Denial of Service (ReDoS) during an authentication request with a specially crafted payload that the server sends to the client. The greatest threat this flaw poses is to application availability.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.642
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerability CVE-2021-3733,CVE-2022-0391 are affected in Python 3.10.0 | Windows |
| Multiple Vulnerabilities are affected in Python 3.10.0 | Windows |
| Vulnerabilities CVE-2020-15523,CVE-2020-27619,CVE-2021-3733,CVE-2022-48560 are affected in Python 3.9.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Tivoli Application Dependency Discovery Manager 7.3.0.9 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2 | Windows |
| (RHSA-2021:4057) python3 security update platform-python-3.6.8-39.el8_4.i686.rpm | Linux |
| (RHSA-2021:4057) python3 security update platform-python-3.6.8-39.el8_4.x86_64.rpm | Linux |
| (RHSA-2021:4057) python3 security update platform-python-debug-3.6.8-39.el8_4.i686.rpm | Linux |
| (RHSA-2021:4057) python3 security update platform-python-debug-3.6.8-39.el8_4.x86_64.rpm | Linux |
| (RHSA-2021:4057) python3 security update platform-python-devel-3.6.8-39.el8_4.i686.rpm | Linux |
| (RHSA-2021:4057) python3 security update platform-python-devel-3.6.8-39.el8_4.x86_64.rpm | Linux |
| (RHSA-2021:4057) python3 security update python3-debugsource-3.6.8-39.el8_4.i686.rpm | Linux |
| (RHSA-2021:4057) python3 security update python3-debugsource-3.6.8-39.el8_4.x86_64.rpm | Linux |
| (RHSA-2021:4057) python3 security update python3-idle-3.6.8-39.el8_4.i686.rpm | Linux |
| (RHSA-2021:4057) python3 security update python3-idle-3.6.8-39.el8_4.x86_64.rpm | Linux |
| (RHSA-2021:4057) python3 security update python3-libs-3.6.8-39.el8_4.i686.rpm | Linux |
| (RHSA-2021:4057) python3 security update python3-libs-3.6.8-39.el8_4.x86_64.rpm | Linux |
| (RHSA-2021:4057) python3 security update python3-test-3.6.8-39.el8_4.i686.rpm | Linux |
| (RHSA-2021:4057) python3 security update python3-test-3.6.8-39.el8_4.x86_64.rpm | Linux |
| (RHSA-2021:4057) python3 security update python3-tkinter-3.6.8-39.el8_4.i686.rpm | Linux |
| (RHSA-2021:4057) python3 security update python3-tkinter-3.6.8-39.el8_4.x86_64.rpm | Linux |
| Platform-python update (ELSA-2021-4057) platform-python-3.6.8-39.0.1.el8_4.i686.rpm | Linux |
| Platform-python update (ELSA-2021-4057) platform-python-3.6.8-39.0.1.el8_4.x86_64.rpm | Linux |
| Platform-python-debug update (ELSA-2021-4057) platform-python-debug-3.6.8-39.0.1.el8_4.i686.rpm | Linux |
| Platform-python-debug update (ELSA-2021-4057) platform-python-debug-3.6.8-39.0.1.el8_4.x86_64.rpm | Linux |
| Platform-python-devel update (ELSA-2021-4057) platform-python-devel-3.6.8-39.0.1.el8_4.i686.rpm | Linux |
| Platform-python-devel update (ELSA-2021-4057) platform-python-devel-3.6.8-39.0.1.el8_4.x86_64.rpm | Linux |
| Python3-idle update (ELSA-2021-4057) python3-idle-3.6.8-39.0.1.el8_4.i686.rpm | Linux |
| Python3-idle update (ELSA-2021-4057) python3-idle-3.6.8-39.0.1.el8_4.x86_64.rpm | Linux |
| Python3-libs update (ELSA-2021-4057) python3-libs-3.6.8-39.0.1.el8_4.i686.rpm | Linux |
| Python3-libs update (ELSA-2021-4057) python3-libs-3.6.8-39.0.1.el8_4.x86_64.rpm | Linux |
| Python3-test update (ELSA-2021-4057) python3-test-3.6.8-39.0.1.el8_4.i686.rpm | Linux |
| Python3-test update (ELSA-2021-4057) python3-test-3.6.8-39.0.1.el8_4.x86_64.rpm | Linux |
| Python3-tkinter update (ELSA-2021-4057) python3-tkinter-3.6.8-39.0.1.el8_4.i686.rpm | Linux |
| Python3-tkinter update (ELSA-2021-4057) python3-tkinter-3.6.8-39.0.1.el8_4.x86_64.rpm | Linux |
| SUSE-SU-2021:3486-1(SUSE Linux Enterprise Server 12-SP5 ) libpython3_6m1_0-3.6.15-11.1.x86_64.rpm | Linux |
| SUSE-SU-2021:3486-1(SUSE Linux Enterprise Server 12-SP5 ) libpython3_6m1_0-debuginfo-3.6.15-11.1.x86_64.rpm | Linux |
| SUSE-SU-2021:3486-1(SUSE Linux Enterprise Server 12-SP5 ) python36-3.6.15-11.1.x86_64.rpm | Linux |
| SUSE-SU-2021:3486-1(SUSE Linux Enterprise Server 12-SP5 ) python36-base-3.6.15-11.1.x86_64.rpm | Linux |
| SUSE-SU-2021:3486-1(SUSE Linux Enterprise Server 12-SP5 ) python36-base-debuginfo-3.6.15-11.1.x86_64.rpm | Linux |
| SUSE-SU-2021:3486-1(SUSE Linux Enterprise Server 12-SP5 ) python36-debuginfo-3.6.15-11.1.x86_64.rpm | Linux |
| SUSE-SU-2021:3486-1(SUSE Linux Enterprise Server 12-SP5 ) python36-debugsource-3.6.15-11.1.x86_64.rpm | Linux |
| SUSE-SU-2021:3524-1(SUSE Linux Enterprise Server 12-SP5 ) libpython2_7-1_0-2.7.18-28.74.2.x86_64.rpm | Linux |
| SUSE-SU-2021:3524-1(SUSE Linux Enterprise Server 12-SP5 ) libpython2_7-1_0-32bit-2.7.18-28.74.2.x86_64.rpm | Linux |
| SUSE-SU-2021:3524-1(SUSE Linux Enterprise Server 12-SP5 ) libpython2_7-1_0-debuginfo-2.7.18-28.74.2.x86_64.rpm | Linux |
| SUSE-SU-2021:3524-1(SUSE Linux Enterprise Server 12-SP5 ) libpython2_7-1_0-debuginfo-32bit-2.7.18-28.74.2.x86_64.rpm | Linux |
| SUSE-SU-2021:3524-1(SUSE Linux Enterprise Server 12-SP5 ) python-2.7.18-28.74.1.x86_64.rpm | Linux |
| SUSE-SU-2021:3524-1(SUSE Linux Enterprise Server 12-SP5 ) python-32bit-2.7.18-28.74.1.x86_64.rpm | Linux |
| SUSE-SU-2021:3524-1(SUSE Linux Enterprise Server 12-SP5 ) python-base-2.7.18-28.74.2.x86_64.rpm | Linux |
| SUSE-SU-2021:3524-1(SUSE Linux Enterprise Server 12-SP5 ) python-base-32bit-2.7.18-28.74.2.x86_64.rpm | Linux |
| SUSE-SU-2021:3524-1(SUSE Linux Enterprise Server 12-SP5 ) python-base-debuginfo-2.7.18-28.74.2.x86_64.rpm | Linux |
| SUSE-SU-2021:3524-1(SUSE Linux Enterprise Server 12-SP5 ) python-base-debuginfo-32bit-2.7.18-28.74.2.x86_64.rpm | Linux |
| SUSE-SU-2021:3524-1(SUSE Linux Enterprise Server 12-SP5 ) python-base-debugsource-2.7.18-28.74.2.x86_64.rpm | Linux |
| SUSE-SU-2021:3524-1(SUSE Linux Enterprise Server 12-SP5 ) python-curses-2.7.18-28.74.1.x86_64.rpm | Linux |
| SUSE-SU-2021:3524-1(SUSE Linux Enterprise Server 12-SP5 ) python-curses-debuginfo-2.7.18-28.74.1.x86_64.rpm | Linux |
| SUSE-SU-2021:3524-1(SUSE Linux Enterprise Server 12-SP5 ) python-debuginfo-2.7.18-28.74.1.x86_64.rpm | Linux |
| SUSE-SU-2021:3524-1(SUSE Linux Enterprise Server 12-SP5 ) python-debuginfo-32bit-2.7.18-28.74.1.x86_64.rpm | Linux |
| SUSE-SU-2021:3524-1(SUSE Linux Enterprise Server 12-SP5 ) python-debugsource-2.7.18-28.74.1.x86_64.rpm | Linux |
| SUSE-SU-2021:3524-1(SUSE Linux Enterprise Server 12-SP5 ) python-demo-2.7.18-28.74.1.x86_64.rpm | Linux |
| SUSE-SU-2021:3524-1(SUSE Linux Enterprise Server 12-SP5 ) python-devel-2.7.18-28.74.2.x86_64.rpm | Linux |
| SUSE-SU-2021:3524-1(SUSE Linux Enterprise Server 12-SP5 ) python-doc-2.7.18-28.74.1.noarch.rpm | Linux |
| SUSE-SU-2021:3524-1(SUSE Linux Enterprise Server 12-SP5 ) python-doc-pdf-2.7.18-28.74.1.noarch.rpm | Linux |
| SUSE-SU-2021:3524-1(SUSE Linux Enterprise Server 12-SP5 ) python-gdbm-2.7.18-28.74.1.x86_64.rpm | Linux |
| SUSE-SU-2021:3524-1(SUSE Linux Enterprise Server 12-SP5 ) python-gdbm-debuginfo-2.7.18-28.74.1.x86_64.rpm | Linux |
| SUSE-SU-2021:3524-1(SUSE Linux Enterprise Server 12-SP5 ) python-idle-2.7.18-28.74.1.x86_64.rpm | Linux |
| SUSE-SU-2021:3524-1(SUSE Linux Enterprise Server 12-SP5 ) python-tk-2.7.18-28.74.1.x86_64.rpm | Linux |
| SUSE-SU-2021:3524-1(SUSE Linux Enterprise Server 12-SP5 ) python-tk-debuginfo-2.7.18-28.74.1.x86_64.rpm | Linux |
| SUSE-SU-2021:3524-1(SUSE Linux Enterprise Server 12-SP5 ) python-xml-2.7.18-28.74.2.x86_64.rpm | Linux |
| SUSE-SU-2021:3524-1(SUSE Linux Enterprise Server 12-SP5 ) python-xml-debuginfo-2.7.18-28.74.2.x86_64.rpm | Linux |
| An interactive high-level object-oriented language (USN-5199-1) python3.6_3.6.9-1~18.04ubuntu1.6_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-5199-1) python3.6_3.6.9-1~18.04ubuntu1.6_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-5199-1) python3.6-minimal_3.6.9-1~18.04ubuntu1.6_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-5199-1) python3.6-minimal_3.6.9-1~18.04ubuntu1.6_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-5199-1) libpython3.6-stdlib_3.6.9-1~18.04ubuntu1.9_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-5199-1) libpython3.6-stdlib_3.6.9-1~18.04ubuntu1.9_amd64.deb | Linux |
| (RHSA-2022:1764) python38:3.8 and python38-devel:3.8 security update python-lxml-debugsource-4.4.1-7.module+el8.6.0+13958+214a5473.x86_64.rpm | Linux |
| (RHSA-2022:1764) python38:3.8 and python38-devel:3.8 security update python38-debug-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm | Linux |
| (RHSA-2022:1764) python38:3.8 and python38-devel:3.8 security update python38-debugsource-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm | Linux |
| (RHSA-2022:1764) python38:3.8 and python38-devel:3.8 security update python38-devel-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm | Linux |
| (RHSA-2022:1764) python38:3.8 and python38-devel:3.8 security update python38-idle-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm | Linux |
| (RHSA-2022:1764) python38:3.8 and python38-devel:3.8 security update python38-lxml-4.4.1-7.module+el8.6.0+13958+214a5473.x86_64.rpm | Linux |
| (RHSA-2022:1764) python38:3.8 and python38-devel:3.8 security update python38-rpm-macros-3.8.12-1.module+el8.6.0+12642+c3710b74.noarch.rpm | Linux |
| (RHSA-2022:1764) python38:3.8 and python38-devel:3.8 security update python38-test-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm | Linux |
| (RHSA-2022:1764) python38:3.8 and python38-devel:3.8 security update python38-tkinter-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm | Linux |
| (RHSA-2022:1821) python27:2.7 security update babel-2.5.1-10.module+el8.5.0+11014+88fc0d0b.noarch.rpm | Linux |
| (RHSA-2022:1821) python27:2.7 security update python-lxml-debugsource-4.2.3-6.module+el8.6.0+13959+8e368262.x86_64.rpm | Linux |
| (RHSA-2022:1821) python27:2.7 security update python-nose-docs-1.3.7-31.module+el8.5.0+12203+77770ab7.noarch.rpm | Linux |
| (RHSA-2022:1821) python27:2.7 security update python-pymongo-debugsource-3.7.0-1.module+el8.5.0+10264+e5753a40.x86_64.rpm | Linux |
| (RHSA-2022:1821) python27:2.7 security update python2-babel-2.5.1-10.module+el8.5.0+11014+88fc0d0b.noarch.rpm | Linux |
| (RHSA-2022:1821) python27:2.7 security update python2-bson-3.7.0-1.module+el8.5.0+10264+e5753a40.x86_64.rpm | Linux |
| (RHSA-2022:1821) python27:2.7 security update python2-debug-2.7.18-10.module+el8.6.0+14191+7fdd52cd.x86_64.rpm | Linux |
| (RHSA-2022:1821) python27:2.7 security update python2-debugsource-2.7.18-10.module+el8.6.0+14191+7fdd52cd.x86_64.rpm | Linux |
| (RHSA-2022:1821) python27:2.7 security update python2-devel-2.7.18-10.module+el8.6.0+14191+7fdd52cd.x86_64.rpm | Linux |
| (RHSA-2022:1821) python27:2.7 security update python2-jinja2-2.10-9.module+el8.5.0+10541+706bb066.noarch.rpm | Linux |
| (RHSA-2022:1821) python27:2.7 security update python2-lxml-4.2.3-6.module+el8.6.0+13959+8e368262.x86_64.rpm | Linux |
| (RHSA-2022:1821) python27:2.7 security update python2-nose-1.3.7-31.module+el8.5.0+12203+77770ab7.noarch.rpm | Linux |
| (RHSA-2022:1821) python27:2.7 security update python2-pygments-2.2.0-22.module+el8.5.0+10788+a4cea9e0.noarch.rpm | Linux |
| (RHSA-2022:1821) python27:2.7 security update python2-pymongo-3.7.0-1.module+el8.5.0+10264+e5753a40.x86_64.rpm | Linux |
| (RHSA-2022:1821) python27:2.7 security update python2-pymongo-gridfs-3.7.0-1.module+el8.5.0+10264+e5753a40.x86_64.rpm | Linux |
| (RHSA-2022:1821) python27:2.7 security update python2-scipy-1.0.0-21.module+el8.5.0+10858+05337455.x86_64.rpm | Linux |
| (RHSA-2022:1821) python27:2.7 security update python2-test-2.7.18-10.module+el8.6.0+14191+7fdd52cd.x86_64.rpm | Linux |
| (RHSA-2022:1821) python27:2.7 security update python2-tkinter-2.7.18-10.module+el8.6.0+14191+7fdd52cd.x86_64.rpm | Linux |
| (RHSA-2022:1821) python27:2.7 security update python2-tools-2.7.18-10.module+el8.6.0+14191+7fdd52cd.x86_64.rpm | Linux |
| (RHSA-2022:1821) python27:2.7 security update python2-virtualenv-15.1.0-21.module+el8.5.0+12203+77770ab7.noarch.rpm | Linux |
| (RHSA-2022:1821) python27:2.7 security update python2-wheel-wheel-0.31.1-3.module+el8.5.0+12203+77770ab7.noarch.rpm | Linux |
| (RHSA-2022:1821) python27:2.7 security update scipy-debugsource-1.0.0-21.module+el8.5.0+10858+05337455.x86_64.rpm | Linux |
| An interactive high-level object-oriented language (USN-5199-1) libpython3.6-stdlib_3.6.9-1~18.04ubuntu1.6_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-5199-1) libpython3.6-stdlib_3.6.9-1~18.04ubuntu1.6_amd64.deb | Linux |
| An interactive high (USN-5200-1) python3.7_3.7.5-2ubuntu1~18.04.2_i386.deb | Linux |
| An interactive high (USN-5200-1) python3.7_3.7.5-2ubuntu1~18.04.2_amd64.deb | Linux |
| An interactive high (USN-5200-1) python3.8_3.8.0-3ubuntu1~18.04.2_i386.deb | Linux |
| An interactive high (USN-5200-1) python3.8_3.8.0-3ubuntu1~18.04.2_amd64.deb | Linux |
| An interactive high (USN-5200-1) python3.7-minimal_3.7.5-2ubuntu1~18.04.2_i386.deb | Linux |
| An interactive high (USN-5200-1) python3.7-minimal_3.7.5-2ubuntu1~18.04.2_amd64.deb | Linux |
| An interactive high (USN-5200-1) python3.8-minimal_3.8.0-3ubuntu1~18.04.2_i386.deb | Linux |
| An interactive high (USN-5200-1) python3.8-minimal_3.8.0-3ubuntu1~18.04.2_amd64.deb | Linux |
| An interactive high (USN-5200-1) libpython3.7-stdlib_3.7.5-2ubuntu1~18.04.2_i386.deb | Linux |
| An interactive high (USN-5200-1) libpython3.7-stdlib_3.7.5-2ubuntu1~18.04.2_amd64.deb | Linux |
| An interactive high (USN-5200-1) libpython3.8-stdlib_3.8.0-3ubuntu1~18.04.2_i386.deb | Linux |
| An interactive high (USN-5200-1) libpython3.8-stdlib_3.8.0-3ubuntu1~18.04.2_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.10_3.10.12-1~22.04.4_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.10_3.10.12-1~22.04.4_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.10-minimal_3.10.12-1~22.04.4_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.10-minimal_3.10.12-1~22.04.4_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.11_3.11.6-3ubuntu0.1_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.11_3.11.6-3ubuntu0.1_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.11-minimal_3.11.6-3ubuntu0.1_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.11-minimal_3.11.6-3ubuntu0.1_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.12_3.12.0-1ubuntu0.1_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.12_3.12.0-1ubuntu0.1_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.12-minimal_3.12.0-1ubuntu0.1_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.12-minimal_3.12.0-1ubuntu0.1_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.8_3.8.10-0ubuntu1~20.04.10_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.8_3.8.10-0ubuntu1~20.04.10_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.8-minimal_3.8.10-0ubuntu1~20.04.10_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.8-minimal_3.8.10-0ubuntu1~20.04.10_i386.deb | Linux |
| Uncontrolled Resource Consumption Vulnerability (CVE-2021-3733) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234