CVE-2020-14422

MEDIUM

Description

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.

References

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00032.html

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00041.html

https://bugs.python.org/issue41004

https://github.com/python/cpython/pull/20956

https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/36XI3EEQNMHGOZEI63Y7UV6XZRELYEAU/

https://lists.fedoraproject.org/archives/list/[email protected]/message/CNHPQGSP2YM3JAUD2VAMPXTIUQTZ2M2U/

https://lists.fedoraproject.org/archives/list/[email protected]/message/CTUNTBJ3POHONQOTLEZC46POCIYYTAKZ/

https://lists.fedoraproject.org/archives/list/[email protected]/message/FCCZTAYZATTNSNEAXWA7U3HCO2OVQKT5/

https://lists.fedoraproject.org/archives/list/[email protected]/message/LE4O3PNDNNOMSKHNUKZKD3NGHIFUFDPX/

https://lists.fedoraproject.org/archives/list/[email protected]/message/NTBKKOLFFNHG6CM4ACDX4APHSD5ZX5N4/

https://lists.fedoraproject.org/archives/list/[email protected]/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/

https://lists.fedoraproject.org/archives/list/[email protected]/message/V3TALOUBYU2MQD4BPLRTDQUMBKGCAXUA/

https://lists.fedoraproject.org/archives/list/[email protected]/message/V53P2YOLEQH4J7S5QHXMKMZYFTVVMTMO/

https://lists.fedoraproject.org/archives/list/[email protected]/message/VT4AF72TJ2XNIKCR4WEBR7URBJJ4YZRD/

https://lists.fedoraproject.org/archives/list/[email protected]/message/X36Y523UAZY5QFXZAAORNFY63HLBWX7N/

https://lists.fedoraproject.org/archives/list/[email protected]/message/YILCHHTNLH4GG4GSQBX2MZRKZBXOLCKE/

https://security.gentoo.org/glsa/202008-01

https://security.netapp.com/advisory/ntap-20200724-0004/

https://usn.ubuntu.com/4428-1/

https://www.oracle.com/security-alerts/cpujan2021.html

Details

Source: MITRE

Published: 2020-06-18

Updated: 2021-02-03

Type: CWE-400

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 5.9

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.2

Severity: MEDIUM

Tenable Plugins

ID | Name | Product | Family | Severity
147485 | EulerOS : python3 (EulerOS-SA-2021-1623) | Nessus | Huawei Local Security Checks | high
147364 | NewStart CGSL MAIN 6.02 : python3 Multiple Vulnerabilities (NS-SA-2021-0059) | Nessus | NewStart CGSL Local Security Checks | medium
147302 | NewStart CGSL CORE 5.04 / MAIN 5.04 : python3 Multiple Vulnerabilities (NS-SA-2021-0029) | Nessus | NewStart CGSL Local Security Checks | medium
146036 | CentOS 8 : python38:3.8 (CESA-2020:4641) | Nessus | CentOS Local Security Checks | critical
145883 | CentOS 8 : python3 (CESA-2020:4433) | Nessus | CentOS Local Security Checks | medium
145389 | openSUSE Security Update : python3 (openSUSE-2020-2333) | Nessus | SuSE Local Security Checks | high
145326 | openSUSE Security Update : python3 (openSUSE-2020-2332) | Nessus | SuSE Local Security Checks | high
145170 | EulerOS 2.0 SP3 : python-ipaddress (EulerOS-SA-2021-1115) | Nessus | Huawei Local Security Checks | medium
144586 | SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:3930-1) | Nessus | SuSE Local Security Checks | high
143782 | SUSE SLES12 Security Update : python3 (SUSE-SU-2020:2699-1) | Nessus | SuSE Local Security Checks | medium
143646 | SUSE SLES12 Security Update : python36 (SUSE-SU-2020:3563-1) | Nessus | SuSE Local Security Checks | medium
143048 | CentOS 7 : python3 (CESA-2020:5010) | Nessus | CentOS Local Security Checks | medium
142819 | Scientific Linux Security Update : python3 on SL7.x i686/x86_64 (2020:5010) | Nessus | Scientific Linux Local Security Checks | medium
142786 | Oracle Linux 8 : python3 (ELSA-2020-4433) | Nessus | Oracle Linux Local Security Checks | medium
142745 | Oracle Linux 7 : python3 (ELSA-2020-5010) | Nessus | Oracle Linux Local Security Checks | medium
142696 | RHEL 7 : python3 (RHSA-2020:5010) | Nessus | Red Hat Local Security Checks | medium
142547 | EulerOS Virtualization 3.0.6.6 : python-ipaddress (EulerOS-SA-2020-2472) | Nessus | Huawei Local Security Checks | medium
142431 | RHEL 8 : python38:3.8 (RHSA-2020:4641) | Nessus | Red Hat Local Security Checks | critical
142400 | RHEL 8 : python3 (RHSA-2020:4433) | Nessus | Red Hat Local Security Checks | medium
142334 | EulerOS : python-ipaddress (EulerOS-SA-2020-2438) | Nessus | Huawei Local Security Checks | medium
142295 | EulerOS 2.0 SP9 : python-ipaddress (EulerOS-SA-2020-2420) | Nessus | Huawei Local Security Checks | medium
142121 | EulerOS 2.0 SP5 : python-ipaddress (EulerOS-SA-2020-2265) | Nessus | Huawei Local Security Checks | medium
141521 | Fedora 32 : python34 (2020-d30881c970) | Nessus | Fedora Local Security Checks | medium
140678 | FreeBSD : Python -- multiple vulnerabilities (2cb21232-fb32-11ea-a929-a4bf014bf5f7) | Nessus | FreeBSD Local Security Checks | medium
140207 | Amazon Linux AMI : python34 (ALAS-2020-1432) | Nessus | Amazon Linux Local Security Checks | medium
140195 | Amazon Linux 2 : python3 (ALAS-2020-1484) | Nessus | Amazon Linux Local Security Checks | medium
140003 | EulerOS Virtualization for ARM 64 3.0.6.0 : python3 (EulerOS-SA-2020-1900) | Nessus | Huawei Local Security Checks | medium
139762 | Fedora 31 : python35 (2020-c539babb0a) | Nessus | Fedora Local Security Checks | medium
139714 | FreeBSD : Python -- multiple vulnerabilities (3fcb70a4-e22d-11ea-98b2-080027846a02) | Nessus | FreeBSD Local Security Checks | medium
139635 | Fedora 32 : python35 (2020-982b2950db) | Nessus | Fedora Local Security Checks | medium
139588 | Fedora 31 : python3 (2020-d808fdd597) | Nessus | Fedora Local Security Checks | medium
139566 | SUSE SLES12 Security Update : python36 (SUSE-SU-2020:2216-1) | Nessus | SuSE Local Security Checks | medium
139527 | Fedora 31 : python36 (2020-efb908b6a8) | Nessus | Fedora Local Security Checks | medium
139345 | Fedora 32 : python37 (2020-87c0a0a52d) | Nessus | Fedora Local Security Checks | medium
139343 | Fedora 32 : python36 (2020-1ddd5273d6) | Nessus | Fedora Local Security Checks | medium
139274 | GLSA-202008-01 : Python: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium
139217 | Fedora 32 : python3 / python3-docs (2020-c3b07cc5c9) | Nessus | Fedora Local Security Checks | medium
139216 | Fedora 31 : python38 (2020-bb919e575e) | Nessus | Fedora Local Security Checks | medium
139153 | EulerOS 2.0 SP8 : python3 (EulerOS-SA-2020-1823) | Nessus | Huawei Local Security Checks | medium
139051 | Photon OS 1.0: Python3 PHSA-2020-1.0-0309 | Nessus | PhotonOS Local Security Checks | medium
138872 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : Python vulnerabilities (USN-4428-1) | Nessus | Ubuntu Local Security Checks | medium
138867 | Fedora 32 : mingw-python3 (2020-dfb11916cc) | Nessus | Fedora Local Security Checks | medium
138752 | openSUSE Security Update : python-ipaddress (openSUSE-2020-989) | Nessus | SuSE Local Security Checks | medium
138730 | openSUSE Security Update : python3 (openSUSE-2020-940) | Nessus | SuSE Local Security Checks | medium
138724 | openSUSE Security Update : python3 (openSUSE-2020-931) | Nessus | SuSE Local Security Checks | medium
138669 | openSUSE Security Update : python-ipaddress (openSUSE-2020-1002) | Nessus | SuSE Local Security Checks | medium
138580 | Fedora 31 : python39 (2020-b513391ca8) | Nessus | Fedora Local Security Checks | medium
138579 | Fedora 32 : python39 (2020-705c6ea5be) | Nessus | Fedora Local Security Checks | medium
138529 | Debian DLA-2280-1 : python3.5 security update | Nessus | Debian Local Security Checks | medium
138514 | Photon OS 3.0: Python3 PHSA-2020-3.0-0111 | Nessus | PhotonOS Local Security Checks | medium
138189 | Photon OS 2.0: Python3 PHSA-2020-2.0-0258 | Nessus | PhotonOS Local Security Checks | medium