CVE-2021-44022: 
Trend Micro Apex One Agent vulnerability analysis and mitigation

A flaw was found in Python's HTTP client code where an improperly handled HTTP response could allow a remote attacker who controls the HTTP server to make the client script enter an infinite loop, consuming CPU time. The vulnerability, tracked as CVE-2021-3737, affects Python versions from 3.6.0 through 3.9.6 and was disclosed in August 2021 (Python Bug Tracker).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The issue is classified under CWE-400 (Uncontrolled Resource Consumption) and CWE-835 (Loop with Unreachable Exit Condition). The vulnerability specifically relates to the HTTP client code's handling of responses, which can be exploited to create an infinite loop condition (NVD).

The primary impact of this vulnerability is on system availability. When exploited, it can cause the affected Python script to enter an infinite loop, leading to CPU resource consumption and potential denial of service. The vulnerability poses no direct threat to system confidentiality or integrity (Ubuntu Security).

The vulnerability has been patched in Python versions 3.6.14, 3.7.11, 3.8.11, and 3.9.6. Users are advised to upgrade to these or later versions. Multiple patches have been released through various distribution channels, including Ubuntu, Red Hat, and other major Linux distributions (Python Security).