SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2021-29921

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 9.8		CVSS Score : 7.5
Exploit Score: 3.9		Exploit Score: 10.0
Impact Score: 5.9		Impact Score: 6.4

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: NETWORK		Access Vector: NETWORK
Attack Complexity: LOW		Access Complexity: LOW
Privileges Required: NONE		Authentication: NONE
User Interaction: NONE		Confidentiality: PARTIAL
Scope: UNCHANGED		Integrity: PARTIAL
Confidentiality: HIGH		Availability: PARTIAL
Integrity: HIGH
Availability: HIGH

Reference:

GLSA-202305-02

N/A

https://bugs.python.org/issue36384

https://docs.python.org/3/library/ipaddress.html

https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst

https://github.com/python/cpython/pull/12577

https://github.com/python/cpython/pull/25099

https://github.com/sickcodes

https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md

https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html

https://security.netapp.com/advisory/ntap-20210622-0003/

https://sick.codes/sick-2021-014

https://www.oracle.com/security-alerts/cpuapr2022.html

https://www.oracle.com/security-alerts/cpujan2022.html

https://www.oracle.com/security-alerts/cpuoct2021.html


30430



423868



247621



909



194512



282