PT-2021-7377 · Python+10 · Urllib+10

Yeting Li · Published 2021-01-30 · Updated 2025-08-11 · CVE-2021-3733

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: urllib (affected versions not specified)

Description: A flaw in the AbstractBasicAuthHandler class of urllib allows an attacker who controls a malicious HTTP server to trigger a regular expression denial of service (ReDoS) in the client. The trigger is a specially crafted payload that the server sends to the client during an authentication request. The greatest threat posed by this flaw is to application availability: an attacker could exploit it to cause a denial of service.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Resource Exhaustion


Weakness Enumeration

Related Identifiers

ALSA-2021:4160
ALSA-2022:1764
ALSA-2022:1821
ALT-PU-2021-1784
ALT-PU-2021-2653
ALT-PU-2021-3010
ALT-PU-2022-1209
ALT-PU-2022-3044
ALT-PU-2024-3474
BDU:2022-05838
BIT-LIBPYTHON-2021-3733
BIT-PYTHON-2021-3733
BIT-PYTHON-MIN-2021-3733
CESA-2021_4057
CESA-2021_4160
CESA-2022_1764
CESA-2022_1821
CVE-2021-3733
DLA-2808-1
DLA-3432-1
DLA-3477-1
DLA-3980-1
MGASA-2021-0435
MGASA-2021-0457
OPENSUSE-SU-2021:1418-1
OPENSUSE-SU-2021:3489-1
OPENSUSE-SU-2021:4104-1
OPENSUSE-SU-2021_1418-1
OPENSUSE-SU-2021_3489-1
OPENSUSE-SU-2021_4104-1
OPENSUSE-SU-2022_1485-1
OPENSUSE-SU-2024:11202-1
OPENSUSE-SU-2024:11284-1
OPENSUSE-SU-2024:11286-1
PSF-2022-6
RHSA-2021:3254
RHSA-2021:4057
RHSA-2021:4160
RHSA-2021_4057
RHSA-2021_4160
RHSA-2022:1663
RHSA-2022:1764
RHSA-2022:1821
RHSA-2022_1764
RHSA-2022_1821
RLSA-2021:4160
RLSA-2022:1764
RLSA-2022:1821
ROSA-SA-2025-2646
SUSE-SU-2021:3477-1
SUSE-SU-2021:3486-1
SUSE-SU-2021:3489-1
SUSE-SU-2021:3524-1
SUSE-SU-2021:4015-1
SUSE-SU-2021:4015-2
SUSE-SU-2021:4104-1
SUSE-SU-2021_3477-1
SUSE-SU-2021_3489-1
SUSE-SU-2021_3524-1
SUSE-SU-2022:1485-1
USN-5083-1
USN-5199-1
USN-5200-1
USN-6891-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
Linux Mint
Red Hat
Rocky Linux
SUSE
Ubuntu
urllib