[issue44022] CVE-2021-3737: urllib http client possible infinite loop on a 100 Continue response
STINNER Victor
report at bugs.python.org
Wed Sep 15 05:49:12 EDT 2021
STINNER Victor <vstinner at python.org> added the comment:
I'm not sure why the fix in the main branch was not listed here:

commit 47895e31b6f626bc6ce47d175fe9d43c1098909d
Author: Gen Xu <xgbarry at gmail.com>
Date: Wed May 5 15:42:41 2021 -0700

    bpo-44022: Fix http client infinite line reading (DoS) after a HTTP 100 Continue (GH-25916)

    Fixes http.client potential denial of service where it could get stuck reading lines from a malicious server after a 100 Continue response.

    Co-authored-by: Gregory P. Smith <greg at krypto.org>
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue44022>
_______________________________________
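
An added example, not part of the original message and not the CPython patch: a minimal sketch of the defensive pattern the commit message describes, where the header lines following a 100 Continue are read under a count and length limit instead of in an open-ended loop. The names `read_header_block`, `read_final_status` and `TooManyHeaders`, the limit values, and the cap on interim responses are assumptions of this example; the byte strings are constructed sample input.

```python
import io

MAX_LINE = 65536     # assumed per-line limit for this example
MAX_HEADERS = 100    # assumed header-count limit for this example
MAX_INTERIM = 10     # assumed cap on 100 Continue responses (example only)

class TooManyHeaders(Exception):
    """Raised when a peer sends more header data than the limits allow."""

def read_header_block(fp, max_headers=MAX_HEADERS, max_line=MAX_LINE):
    """Read header lines up to the blank line, refusing unbounded input."""
    headers = []
    while True:
        line = fp.readline(max_line + 1)
        if len(line) > max_line:
            raise TooManyHeaders("header line too long")
        if line in (b"\r\n", b"\n", b""):   # end of headers or EOF
            return headers
        headers.append(line)
        if len(headers) > max_headers:
            raise TooManyHeaders(f"got more than {max_headers} headers")

def read_final_status(fp):
    """Skip 100 Continue responses and return the final status code."""
    for _ in range(MAX_INTERIM + 1):
        status_line = fp.readline(MAX_LINE + 1)
        if len(status_line) > MAX_LINE:
            raise TooManyHeaders("status line too long")
        parts = status_line.split(None, 2)
        if len(parts) < 2 or not parts[0].startswith(b"HTTP/"):
            raise ValueError("bad status line")
        status = int(parts[1])
        if status != 100:
            return status
        # The headers after a 100 Continue are skipped, but under a limit.
        read_header_block(fp)
    raise TooManyHeaders("too many interim responses")

# Constructed sample input: a normal exchange, and a peer that never
# terminates the header block after its 100 Continue.
WELL_FORMED = (b"HTTP/1.1 100 Continue\r\n\r\n"
               b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
ENDLESS = b"HTTP/1.1 100 Continue\r\n" + b"X-Pad: a\r\n" * 1000

if __name__ == "__main__":
    print(read_final_status(io.BytesIO(WELL_FORMED)))
    try:
        read_final_status(io.BytesIO(ENDLESS))
    except TooManyHeaders as exc:
        print("rejected:", exc)
```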