7.5

CVE-2024-4032

EPSS 1.13%
Veröffentlicht 17.06.2024 15:15:52
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle cna@python.org
CVE-Watchlists
Login
Unerledigt
Login

Incorrect IPv4 and IPv6 private ranges

The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.

CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 17

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellerpython

≫

Produkt cpython

Default Statusunknown

Version 0

Version < 3.12.4

Status affected

Version 3.13.0a1

Version < 3.13.0a6

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.13%	0.779

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-697 Incorrect Comparison

The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

http://www.openwall.com/lists/oss-security/2024/06/17/3

https://github.com/python/cpython/commit/22adf29da8d99933ffed8647d3e0726edd16f7f8

https://github.com/python/cpython/commit/40d75c2b7f5c67e254d0a025e0f2e2c7ada7f69f

https://github.com/python/cpython/commit/895f7e2ac23eff4743143beef0f0c5ac71ea27d3

https://github.com/python/cpython/commit/ba431579efdcbaed7a96f2ac4ea0775879a332fb

https://github.com/python/cpython/commit/c62c9e518b784fe44432a3f4fc265fb95b651906

https://github.com/python/cpython/commit/f86b17ac511e68192ba71f27e752321a3252cee3

https://github.com/python/cpython/issues/113171

https://github.com/python/cpython/pull/113179

https://mail.python.org/archives/list/security-announce@python.org/thread/NRUHDUS2IV2USIZM2CVMSFL6SCKU3RZA/

https://security.netapp.com/advisory/ntap-20240726-0004/

https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml

https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml

https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html

https://nvd.nist.gov/vuln/detail/CVE-2024-4032

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-4032

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-4032

EUVD