CVE-2021-3737: urllib http client possible infinite loop on a 100 Continue response #88188

@leveryd

Description

BPO 44022
Nosy @gpshead, @vstinner, @tiran, @ned-deily, @mcepl, @ambv, @mgorny, @sir-sigurd, @miss-islington, @gen-xu
PRs
  • bpo-44022: Fix http client infinite line reading (DoS) after a http 100 #25916
  • [3.10] bpo-44022: Fix http client infinite line reading (DoS) after a HTTP 100 Continue (GH-25916) #25931
  • [3.9] bpo-44022: Fix http client infinite line reading (DoS) after a HTTP 100 Continue (GH-25916) #25932
  • [3.8] bpo-44022: Fix http client infinite line reading (DoS) after a HTTP 100 Continue (GH-25916) #25933
  • [3.7] bpo-44022: Fix http client infinite line reading (DoS) after a HTTP 100 Continue (GH-25916) #25934
  • [3.6] bpo-44022: Fix http client infinite line reading (DoS) after a HTTP 100 Continue (GH-25916) #25935
  • bpo-44022: Improve the security fix regression test. #26503
  • [3.10] bpo-44022: Improve the regression test. (GH-26503) #26504
  • [3.9] bpo-44022: Improve the regression test. (GH-26503) #26505
  • [3.8] bpo-44022: Improve the regression test. (GH-26503) #26506
  • [3.7] bpo-44022: Improve the regression test. (GH-26503) #26507
  • [3.6] bpo-44022: Improve the regression test. (GH-26503) #26508
  • bpo-44022: Fix Sphinx role in NEWS entry #27033

Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    GitHub fields:

    assignee = 'https://github.com/gpshead'
    closed_at = <Date 2021-05-05.22:50:44.568>
    created_at = <Date 2021-05-03.17:13:03.971>
    labels = ['type-security', '3.8', '3.9', '3.10', '3.7', 'library']
    title = 'CVE-2021-3737: urllib http client possible infinite loop on a 100 Continue response'
    updated_at = <Date 2021-09-15.09:49:12.121>
    user = 'https://bugs.python.org/leveryd'

    bugs.python.org fields:

    activity = <Date 2021-09-15.09:49:12.121>
    actor = 'vstinner'
    assignee = 'gregory.p.smith'
    closed = True
    closed_date = <Date 2021-05-05.22:50:44.568>
    closer = 'gregory.p.smith'
    components = ['Library (Lib)']
    creation = <Date 2021-05-03.17:13:03.971>
    creator = 'leveryd'
    dependencies = []
    files = []
    hgrepos = []
    issue_num = 44022
    keywords = ['patch']
    message_count = 29.0
    messages = ['392825', '393004', '393005', '393037', '393048', '393050', '393051', '393073', '393074', '393076', '393079', '393110', '393113', '393137', '393194', '393195', '394898', '394976', '394978', '394980', '394982', '394985', '394986', '396993', '397322', '399275', '401819', '401820', '401821']
    nosy_count = 11.0
    nosy_names = ['gregory.p.smith', 'vstinner', 'christian.heimes', 'ned.deily', 'mcepl', 'lukasz.langa', 'mgorny', 'sir-sigurd', 'miss-islington', 'leveryd', 'gen-xu']
    pr_nums = ['25916', '25931', '25932', '25933', '25934', '25935', '26503', '26504', '26505', '26506', '26507', '26508', '27033']
    priority = 'normal'
    resolution = 'fixed'
    stage = 'resolved'
    status = 'closed'
    superseder = None
    type = 'security'
    url = 'https://bugs.python.org/issue44022'
    versions = ['Python 3.6', 'Python 3.7', 'Python 3.8', 'Python 3.9', 'Python 3.10']

    Labels: 3.10 (only security fixes), 3.7 (EOL, end of life), 3.8 (EOL, end of life), 3.9 (EOL, end of life), stdlib (Standard Library Python modules in the Lib/ directory), type-security (A security issue)
