CVE-2021-3426

Summary

CVE	CVE-2021-3426
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-05-20 13:15:00 UTC
Updated	2023-11-07 03:38:00 UTC
Description	There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.

Risk And Classification

Problem Types: CWE-22

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Fedoraproject	Fedora	32	All	All	All
Operating System	Fedoraproject	Fedora	33	All	All	All
Operating System	Fedoraproject	Fedora	34	All	All	All
Application	Netapp	Cloud Backup	-	All	All	All
Application	Netapp	Ontap Select Deploy Administration Utility	-	All	All	All
Application	Netapp	Snapcenter	-	All	All	All
Application	Oracle	Communications Cloud Native Core Binding Support Function	1.10.0	All	All	All
Application	Oracle	Zfs Storage Appliance Kit	8.8	All	All	All
Application	Python	Python	All	All	All	All
Application	Python	Python	3.10.0	alpha1	All	All
Application	Python	Python	3.10.0	alpha2	All	All
Application	Python	Python	3.10.0	alpha3	All	All
Application	Python	Python	3.10.0	alpha4	All	All
Application	Python	Python	3.10.0	alpha5	All	All
Application	Python	Python	3.10.0	alpha6	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All
Application	Redhat	Software Collections	-	All	All	All

References

Reference	Source	Link	Tags
[SECURITY] [DLA 2619-1] python3.5 security update	MLIST	lists.debian.org
[SECURITY] Fedora 33 Update: python3-docs-3.9.4-1.fc33 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 34 Update: python3.8-3.8.9-1.fc34 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 34 Update: python3.8-3.8.9-1.fc34 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 33 Update: python3.8-3.8.9-1.fc33 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 32 Update: python39-3.9.4-1.fc32 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] [DLA 3477-1] python3.7 security update	MLIST	lists.debian.org
CVE-2021-3426 Python Vulnerability in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
1935913 – (CVE-2021-3426) CVE-2021-3426 python: information disclosure via pydoc	MISC	bugzilla.redhat.com
[SECURITY] Fedora 32 Update: python3-3.8.9-1.fc32 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 34 Update: python3.9-3.9.4-1.fc34 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 34 Update: python3.9-3.9.4-1.fc34 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 32 Update: mingw-python3-3.8.9-1.fc32 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
Oracle Critical Patch Update Advisory - October 2021	MISC	www.oracle.com
Oracle Critical Patch Update Advisory - January 2022	MISC	www.oracle.com
[SECURITY] Fedora 32 Update: mingw-python3-3.8.9-1.fc32 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 33 Update: python3-docs-3.9.4-1.fc33 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
Python: Multiple vulnerabilities (GLSA 202104-04) — Gentoo security	GENTOO	security.gentoo.org
[SECURITY] Fedora 33 Update: python3.8-3.8.9-1.fc33 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 32 Update: python39-3.9.4-1.fc32 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 32 Update: python3-3.8.9-1.fc32 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159466 Oracle Enterprise Linux Security Update for python39:3.9 and python39-devel:3.9 (ELSA-2021-4160)
159467 Oracle Enterprise Linux Security Update for python38:3.8 and python38-devel:3.8 (ELSA-2021-4162)
159507 Oracle Enterprise Linux Security Update for python3 (ELSA-2021-4399)
159563 Oracle Enterprise Linux Security Update for python3 (ELSA-2021-9562)
174989 SUSE Enterprise Linux Security Update for python36 (SUSE-SU-2021:1490-1)
174992 SUSE Enterprise Linux Security Update for python3 (SUSE-SU-2021:1557-1)
178536 Debian Security Update for python3.5 (DLA 2619-1)
180426 Debian Security Update for pypy3 (CVE-2021-3426)
198714 Ubuntu Security Notification for Python Vulnerabilities (USN-5342-1)
239580 Red Hat Update for rh-python38 (RHSA-2021:3254)
239820 Red Hat Update for python3 (RHSA-2021:4399)
239841 Red Hat Update for python39:3.9 and python39-devel:3.9 (RHSA-2021:4160)
239845 Red Hat Update for python38:3.8 and python38-devel:3.8 (RHSA-2021:4162)
281328 Fedora Security Update for mingw (FEDORA-2021-1769a23935)
281354 Fedora Security Update for python39 (FEDORA-2021-a311bf10d4)
281358 Fedora Security Update for python3 (FEDORA-2021-b6b6093b3a)
281359 Fedora Security Update for python3.8 (FEDORA-2021-a26257ccf5)
281360 Fedora Security Update for python3.8 (FEDORA-2021-2ab6f060d9)
281361 Fedora Security Update for python3 (FEDORA-2021-0a8f3ffbc0)
281362 Fedora Security Update for python3 (FEDORA-2021-067c9deff1)
296059 Oracle Solaris 11.4 Support Repository Update (SRU) 36.0.1.101.2 Missing (CPUJUL2021)
352278 Amazon Linux Security Update for python35: ALAS-2021-1498
352305 Amazon Linux Security Advisory for python36: ALAS-2021-1500
352365 Amazon Linux Security Advisory for python34: ALAS-2021-1504
352371 Amazon Linux Security Advisory for python3: ALAS2-2021-1640
502020 Alpine Linux Security Update for python3
504346 Alpine Linux Security Update for python3
6000019 Debian Security Update for python3.7 (DLA 3477-1)
670829 EulerOS Security Update for python3 (EulerOS-SA-2021-2718)
670940 EulerOS Security Update for python3 (EulerOS-SA-2021-2693)
671010 EulerOS Security Update for python3 (EulerOS-SA-2021-2640)
690176 Free Berkeley Software Distribution (FreeBSD) Security Update for python (f671c282-95ef-11eb-9c34-080027f515ea)
710014 Gentoo Linux Python Multiple Vulnerabilities (GLSA 202104-04)
751261 SUSE Enterprise Linux Security Update for python36 (SUSE-SU-2021:3486-1)
751494 OpenSUSE Security Update for python3 (openSUSE-SU-2021:4104-1)
751548 SUSE Enterprise Linux Security Update for python3 (SUSE-SU-2021:4015-2)
940028 AlmaLinux Security Update for python3 (ALSA-2021:4399)
940526 AlmaLinux Security Update for python38:3.8 and python38-devel:3.8 (ALSA-2021:4162)
940559 AlmaLinux Security Update for python39:3.9 and python39-devel:3.9 (ALSA-2021:4160)
960239 Rocky Linux Security Update for python39:3.9 and python39-devel:3.9 (RLSA-2021:4160)
960342 Rocky Linux Security Update for python38:3.8 and python38-devel:3.8 (RLSA-2021:4162)