CVE-2021-29921

Exploit

EPSS 1.87%
Veröffentlicht 06.05.2021 13:15:12
Zuletzt bearbeitet 03.11.2025 22:15:48
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 20

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Python ≫ Python Version >= 3.8.0 < 3.8.12

Python ≫ Python Version >= 3.9.0 < 3.9.5

Oracle ≫ Communications Cloud Native Core Automated Test Suite Version1.8.0

Oracle ≫ Communications Cloud Native Core Binding Support Function Version1.11.0

Oracle ≫ Communications Cloud Native Core Network Slice Selection Function Version1.8.0

Oracle ≫ Graalvm Version20.3.2 SwEditionenterprise

Oracle ≫ Graalvm Version21.1.0 SwEditionenterprise

Oracle ≫ Zfs Storage Appliance Kit Version8.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.87%	0.825

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

https://www.oracle.com/security-alerts/cpuapr2022.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpujan2022.html

Patch

Third Party Advisory

https://www.oracle.com//security-alerts/cpujul2021.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

https://github.com/sickcodes

Third Party Advisory

https://security.gentoo.org/glsa/202305-02

https://bugs.python.org/issue36384

Patch

Vendor Advisory

Issue Tracking

https://docs.python.org/3/library/ipaddress.html

Vendor Advisory

https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst

Third Party Advisory

https://github.com/python/cpython/pull/12577

Patch

Third Party Advisory

https://github.com/python/cpython/pull/25099

Patch

Third Party Advisory

https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md

Third Party Advisory

Exploit

https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html

Vendor Advisory

https://security.netapp.com/advisory/ntap-20210622-0003/

Third Party Advisory

https://sick.codes/sick-2021-014

Third Party Advisory

Exploit

https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html

https://nvd.nist.gov/vuln/detail/CVE-2021-29921

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-29921

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-29921

EUVD