9.8

CVE-2021-29921

Exploit
In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PythonPython Version >= 3.8.0 < 3.8.12
PythonPython Version >= 3.9.0 < 3.9.5
OracleGraalvm Version20.3.2 SwEditionenterprise
OracleGraalvm Version21.1.0 SwEditionenterprise
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.83% 0.932
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
Patch
Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
https://github.com/sickcodes
Third Party Advisory
https://security.gentoo.org/glsa/202305-02
https://bugs.python.org/issue36384
Patch
Vendor Advisory
Issue Tracking
https://docs.python.org/3/library/ipaddress.html
Vendor Advisory
https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst
Third Party Advisory
https://github.com/python/cpython/pull/12577
Patch
Third Party Advisory
https://github.com/python/cpython/pull/25099
Patch
Third Party Advisory
https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md
Third Party Advisory
Exploit
https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html
Vendor Advisory
https://security.netapp.com/advisory/ntap-20210622-0003/
Third Party Advisory
https://sick.codes/sick-2021-014
Third Party Advisory
Exploit
https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html