In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
03 May 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Jul 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Jul 2022, 17:42
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other |
12 May 2022, 14:06
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:* |
|
First Time |
Oracle communications Cloud Native Core Network Slice Selection Function
Oracle communications Cloud Native Core Binding Support Function |
20 Apr 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Mar 2022, 17:17
Type | Values Removed | Values Added |
---|---|---|
First Time |
Oracle graalvm
Oracle Oracle communications Cloud Native Core Automated Test Suite Oracle zfs Storage Appliance Kit |
|
CPE | cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm:21.1.0:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm:20.3.2:*:*:*:enterprise:*:*:* |
|
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory | |
References | (N/A) https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory |
07 Feb 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Nov 2021, 16:36
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20210622-0003/ - Third Party Advisory | |
References | (N/A) https://www.oracle.com//security-alerts/cpujul2021.html - Third Party Advisory |
20 Oct 2021, 11:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Jun 2021, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 May 2021, 05:15
Type | Values Removed | Values Added |
---|---|---|
Summary | In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses. |
14 May 2021, 18:43
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://docs.python.org/3/library/ipaddress.html - Vendor Advisory | |
References | (MISC) https://github.com/sickcodes - Third Party Advisory | |
References | (MISC) https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md - Exploit, Third Party Advisory | |
References | (MISC) https://bugs.python.org/issue36384 - Issue Tracking, Patch, Vendor Advisory | |
References | (MISC) https://github.com/python/cpython/pull/12577 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/python/cpython/pull/25099 - Patch, Third Party Advisory | |
References | (MISC) https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html - Vendor Advisory | |
References | (MISC) https://sick.codes/sick-2021-014 - Exploit, Third Party Advisory | |
References | (MISC) https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst - Third Party Advisory | |
CPE | cpe:2.3:a:python:python:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CWE | CWE-20 |
06 May 2021, 13:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-05-06 13:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-29921
Mitre link : CVE-2021-29921
CVE.ORG link : CVE-2021-29921
JSON object : View
Products Affected
oracle
- communications_cloud_native_core_network_slice_selection_function
- graalvm
- zfs_storage_appliance_kit
- communications_cloud_native_core_binding_support_function
- communications_cloud_native_core_automated_test_suite
python
- python
CWE