Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for netapp_xcp_smb by netapp

    CVE-2021-3737 (GCVE-0-2021-3737)

    Vulnerability from nvd – Published: 2022-03-04 00:00 – Updated: 2025-12-17 21:32
    VLAI
    Summary
    A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-835 - - Loop with Unreachable Exit Condition ('Infinite Loop'), CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    n/a python Affected: Fixed in python v3.6.14, python v3.7.11, python v3.8.11, python v3.9.6, python v3.10.0b2
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T21:45:09.305Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugs.python.org/issue44022"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/python/cpython/pull/25916"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995162"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/python/cpython/pull/26503"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://ubuntu.com/security/CVE-2021-3737"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220407-0009/"
              },
              {
                "name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
              },
              {
                "name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-3737",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-17T21:32:43.233615Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-17T21:32:47.732Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "python",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in python v3.6.14, python v3.7.11, python v3.8.11, python v3.9.6, python v3.10.0b2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835 - Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027), CWE-400 - Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-30T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://bugs.python.org/issue44022"
            },
            {
              "url": "https://github.com/python/cpython/pull/25916"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995162"
            },
            {
              "url": "https://github.com/python/cpython/pull/26503"
            },
            {
              "url": "https://ubuntu.com/security/CVE-2021-3737"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "url": "https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20220407-0009/"
            },
            {
              "name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
            },
            {
              "name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2021-3737",
        "datePublished": "2022-03-04T00:00:00.000Z",
        "dateReserved": "2021-08-26T00:00:00.000Z",
        "dateUpdated": "2025-12-17T21:32:47.732Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-3737 (GCVE-0-2021-3737)

    Vulnerability from cvelistv5 – Published: 2022-03-04 00:00 – Updated: 2025-12-17 21:32
    VLAI
    Summary
    A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-835 - - Loop with Unreachable Exit Condition ('Infinite Loop'), CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    n/a python Affected: Fixed in python v3.6.14, python v3.7.11, python v3.8.11, python v3.9.6, python v3.10.0b2
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T21:45:09.305Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugs.python.org/issue44022"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/python/cpython/pull/25916"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995162"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/python/cpython/pull/26503"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://ubuntu.com/security/CVE-2021-3737"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220407-0009/"
              },
              {
                "name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
              },
              {
                "name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-3737",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-17T21:32:43.233615Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-17T21:32:47.732Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "python",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in python v3.6.14, python v3.7.11, python v3.8.11, python v3.9.6, python v3.10.0b2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835 - Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027), CWE-400 - Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-30T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://bugs.python.org/issue44022"
            },
            {
              "url": "https://github.com/python/cpython/pull/25916"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995162"
            },
            {
              "url": "https://github.com/python/cpython/pull/26503"
            },
            {
              "url": "https://ubuntu.com/security/CVE-2021-3737"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "url": "https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20220407-0009/"
            },
            {
              "name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
            },
            {
              "name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2021-3737",
        "datePublished": "2022-03-04T00:00:00.000Z",
        "dateReserved": "2021-08-26T00:00:00.000Z",
        "dateUpdated": "2025-12-17T21:32:47.732Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }