CVE-2021-4189

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.

Weakness

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

Affected Software

Name	Vendor	Start Version	End Version
Python	Python	3.6.0 (including)	3.6.14 (excluding)
Python	Python	3.7.0 (including)	3.7.11 (excluding)
Python	Python	3.8.0 (including)	3.8.9 (excluding)
Python	Python	3.9.0 (including)	3.9.3 (excluding)
Python	Python	3.10.0 (including)	3.10.0 (including)
Red Hat Enterprise Linux 8	RedHat	python27:2.7-8060020220210185952.8cdc2268	*
Red Hat Enterprise Linux 8	RedHat	python3-0:3.6.8-45.el8	*
Red Hat Enterprise Linux 8	RedHat	python3-0:3.6.8-45.el8	*
Red Hat Software Collections for Red Hat Enterprise Linux 7	RedHat	rh-python38-babel-0:2.7.0-12.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7	RedHat	rh-python38-python-0:3.8.11-2.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7	RedHat	rh-python38-python-cryptography-0:2.8-5.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7	RedHat	rh-python38-python-jinja2-0:2.10.3-6.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7	RedHat	rh-python38-python-lxml-0:4.4.1-7.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7	RedHat	rh-python38-python-pip-0:19.3.1-2.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7	RedHat	rh-python38-python-urllib3-0:1.25.7-7.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7	RedHat	python27-python-0:2.7.18-4.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS	RedHat	rh-python38-babel-0:2.7.0-12.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS	RedHat	rh-python38-python-0:3.8.11-2.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS	RedHat	rh-python38-python-cryptography-0:2.8-5.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS	RedHat	rh-python38-python-jinja2-0:2.10.3-6.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS	RedHat	rh-python38-python-lxml-0:4.4.1-7.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS	RedHat	rh-python38-python-pip-0:19.3.1-2.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS	RedHat	rh-python38-python-urllib3-0:1.25.7-7.el7	*
Python2.7	Ubuntu	bionic	*
Python2.7	Ubuntu	esm-apps/focal	*
Python2.7	Ubuntu	esm-apps/jammy	*
Python2.7	Ubuntu	esm-infra/xenial	*
Python2.7	Ubuntu	focal	*
Python2.7	Ubuntu	hirsute	*
Python2.7	Ubuntu	impish	*
Python2.7	Ubuntu	jammy	*
Python2.7	Ubuntu	kinetic	*
Python2.7	Ubuntu	trusty	*
Python2.7	Ubuntu	trusty/esm	*
Python2.7	Ubuntu	xenial	*
Python3.10	Ubuntu	hirsute	*
Python3.4	Ubuntu	trusty	*
Python3.4	Ubuntu	trusty/esm	*
Python3.4	Ubuntu	upstream	*
Python3.5	Ubuntu	esm-infra-legacy/trusty	*
Python3.5	Ubuntu	esm-infra/xenial	*
Python3.5	Ubuntu	trusty	*
Python3.5	Ubuntu	trusty/esm	*
Python3.5	Ubuntu	upstream	*
Python3.5	Ubuntu	xenial	*
Python3.6	Ubuntu	bionic	*
Python3.6	Ubuntu	upstream	*
Python3.7	Ubuntu	bionic	*
Python3.7	Ubuntu	esm-apps/bionic	*
Python3.7	Ubuntu	upstream	*
Python3.8	Ubuntu	bionic	*
Python3.8	Ubuntu	esm-apps/bionic	*
Python3.8	Ubuntu	upstream	*
Python3.9	Ubuntu	hirsute	*
Python3.9	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-4189
CWE	https://cwe.mitre.org/data/definitions/252.html

Unchecked Return Value

Weakness

Affected Software

Potential Mitigations

References