CVE-2021-29921

Exploit

EPSS 1.79%
Published 06.05.2021 13:15:12
Last modified 21.11.2024 06:01:59
Source cve@mitre.org
Teams watchlist Login
Open Login

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.

Affected products Warnungen 0 Metrics 3 CWE 0 References 19

Data is provided by the National Vulnerability Database (NVD)

Python ≫ Python Version >= 3.8.0 < 3.8.12

Python ≫ Python Version >= 3.9.0 < 3.9.5

Oracle ≫ Communications Cloud Native Core Automated Test Suite Version1.8.0

Oracle ≫ Communications Cloud Native Core Binding Support Function Version1.11.0

Oracle ≫ Communications Cloud Native Core Network Slice Selection Function Version1.8.0

Oracle ≫ Graalvm Version20.3.2 SwEditionenterprise

Oracle ≫ Graalvm Version21.1.0 SwEditionenterprise

Oracle ≫ Zfs Storage Appliance Kit Version8.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.79%	0.822

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

https://www.oracle.com/security-alerts/cpuapr2022.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpujan2022.html

Patch

Third Party Advisory

https://www.oracle.com//security-alerts/cpujul2021.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

https://github.com/sickcodes

Third Party Advisory

https://security.gentoo.org/glsa/202305-02

https://bugs.python.org/issue36384

Patch

Vendor Advisory

Issue Tracking

https://docs.python.org/3/library/ipaddress.html

Vendor Advisory

https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst

Third Party Advisory

https://github.com/python/cpython/pull/12577

Patch

Third Party Advisory

https://github.com/python/cpython/pull/25099

Patch

Third Party Advisory

https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md

Third Party Advisory

Exploit

https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html

Vendor Advisory

https://security.netapp.com/advisory/ntap-20210622-0003/

Third Party Advisory

https://sick.codes/sick-2021-014

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2021-29921

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-29921

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-29921

EUVD