ALT-PU-2021-2560-1
Package ocaml-ipaddr updated to version 5.1.0-alt1 for branch sisyphus in task 283246.
Closed vulnerabilities
Published: 2019-03-20
BDU:2021-04696
Vulnerability in the ipaddress library of the Python programming language interpreter, caused by insufficient validation of input data, which allows an attacker to gain access to confidential data, violate its integrity, and cause a denial of service
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2021-05-06
Modified: 2024-11-21
CVE-2021-29921
In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- https://bugs.python.org/issue36384
- https://docs.python.org/3/library/ipaddress.html
- https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst
- https://github.com/python/cpython/pull/12577
- https://github.com/python/cpython/pull/25099
- https://github.com/sickcodes
- https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md
- https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html
- GLSA-202305-02
- https://security.netapp.com/advisory/ntap-20210622-0003/
- https://sick.codes/sick-2021-014
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html