CVE-2021-29921 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Insufficient validation
Description	Improper input validation of octal strings in Python stdlib ipaddress before version 3.9.5 allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on Python stdlib ipaddress. IP address octects are left stripped instead of evaluated as valid IP addresses.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1913	python	3.9.4-1	3.9.5-1	Medium	Fixed

References
https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html https://bugs.python.org/issue36384 https://github.com/python/cpython/pull/25099 https://github.com/python/cpython/commit/5374fbc31446364bf5f12e5ab88c5493c35eaf04

References

https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html
https://bugs.python.org/issue36384
https://github.com/python/cpython/pull/25099
https://github.com/python/cpython/commit/5374fbc31446364bf5f12e5ab88c5493c35eaf04