CVE Vulnerabilities

CVE-2021-4189

Unchecked Return Value

Published: Aug 24, 2022 | Modified: Jun 30, 2023
CVSS 3.x
5.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
5.3 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Ubuntu
MEDIUM

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.

Weakness

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

Affected Software

Name Vendor Start Version End Version
Python Python 3.6.0 (including) 3.6.14 (excluding)
Python Python 3.7.0 (including) 3.7.11 (excluding)
Python Python 3.8.0 (including) 3.8.9 (excluding)
Python Python 3.9.0 (including) 3.9.3 (excluding)
Python Python 3.10.0 (including) 3.10.0 (including)
Red Hat Enterprise Linux 8 RedHat python27:2.7-8060020220210185952.8cdc2268 *
Red Hat Enterprise Linux 8 RedHat python3-0:3.6.8-45.el8 *
Red Hat Enterprise Linux 8 RedHat python3-0:3.6.8-45.el8 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat rh-python38-babel-0:2.7.0-12.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat rh-python38-python-0:3.8.11-2.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat rh-python38-python-cryptography-0:2.8-5.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat rh-python38-python-jinja2-0:2.10.3-6.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat rh-python38-python-lxml-0:4.4.1-7.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat rh-python38-python-pip-0:19.3.1-2.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat rh-python38-python-urllib3-0:1.25.7-7.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat python27-python-0:2.7.18-4.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS RedHat rh-python38-babel-0:2.7.0-12.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS RedHat rh-python38-python-0:3.8.11-2.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS RedHat rh-python38-python-cryptography-0:2.8-5.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS RedHat rh-python38-python-jinja2-0:2.10.3-6.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS RedHat rh-python38-python-lxml-0:4.4.1-7.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS RedHat rh-python38-python-pip-0:19.3.1-2.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS RedHat rh-python38-python-urllib3-0:1.25.7-7.el7 *
Python2.7 Ubuntu bionic *
Python2.7 Ubuntu esm-apps/focal *
Python2.7 Ubuntu esm-apps/jammy *
Python2.7 Ubuntu esm-infra/xenial *
Python2.7 Ubuntu focal *
Python2.7 Ubuntu hirsute *
Python2.7 Ubuntu impish *
Python2.7 Ubuntu jammy *
Python2.7 Ubuntu kinetic *
Python2.7 Ubuntu trusty *
Python2.7 Ubuntu trusty/esm *
Python2.7 Ubuntu xenial *
Python3.10 Ubuntu hirsute *
Python3.4 Ubuntu trusty *
Python3.4 Ubuntu trusty/esm *
Python3.4 Ubuntu upstream *
Python3.5 Ubuntu esm-infra/xenial *
Python3.5 Ubuntu trusty *
Python3.5 Ubuntu trusty/esm *
Python3.5 Ubuntu upstream *
Python3.5 Ubuntu xenial *
Python3.6 Ubuntu bionic *
Python3.6 Ubuntu upstream *
Python3.7 Ubuntu bionic *
Python3.7 Ubuntu esm-apps/bionic *
Python3.7 Ubuntu upstream *
Python3.8 Ubuntu bionic *
Python3.8 Ubuntu esm-apps/bionic *
Python3.8 Ubuntu upstream *
Python3.9 Ubuntu hirsute *
Python3.9 Ubuntu upstream *

Potential Mitigations

References