Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
1

CVE-2020-14422

Disclosure Date: June 18, 2020
CVE-2020-14422 CVSS v3 Base Score: 5.9
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
5.9 Medium
Impact Score:
3.6
Exploitability Score:
2.2
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • fedoraproject,
  • opensuse,
  • oracle,
  • python

Products

  • enterprise manager ops center 12.4.0.0,
  • fedora 31,
  • fedora 32,
  • leap 15.1,
  • leap 15.2,
  • python

References

Canonical
CVE-2020-14422 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14422)
Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00006.html
[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update (https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html)
FEDORA-2020-b513391ca8 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X36Y523UAZY5QFXZAAORNFY63HLBWX7N)
FEDORA-2020-705c6ea5be (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCCZTAYZATTNSNEAXWA7U3HCO2OVQKT5)
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00041.html
FEDORA-2020-dfb11916cc (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT4AF72TJ2XNIKCR4WEBR7URBJJ4YZRD)
https://security.netapp.com/advisory/ntap-20200724-0004
USN-4428-1 (https://usn.ubuntu.com/4428-1)
FEDORA-2020-c3b07cc5c9 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3TALOUBYU2MQD4BPLRTDQUMBKGCAXUA)
FEDORA-2020-bb919e575e (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE4O3PNDNNOMSKHNUKZKD3NGHIFUFDPX)
GLSA-202008-01 (https://security.gentoo.org/glsa/202008-01)
FEDORA-2020-1ddd5273d6 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YILCHHTNLH4GG4GSQBX2MZRKZBXOLCKE)
FEDORA-2020-87c0a0a52d (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTBKKOLFFNHG6CM4ACDX4APHSD5ZX5N4)
FEDORA-2020-efb908b6a8 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CNHPQGSP2YM3JAUD2VAMPXTIUQTZ2M2U)
FEDORA-2020-d808fdd597 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V53P2YOLEQH4J7S5QHXMKMZYFTVVMTMO)
FEDORA-2020-982b2950db (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CTUNTBJ3POHONQOTLEZC46POCIYYTAKZ)
FEDORA-2020-c539babb0a (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36XI3EEQNMHGOZEI63Y7UV6XZRELYEAU)
FEDORA-2020-b513391ca8 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X36Y523UAZY5QFXZAAORNFY63HLBWX7N/)
FEDORA-2020-705c6ea5be (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCCZTAYZATTNSNEAXWA7U3HCO2OVQKT5/)
FEDORA-2020-dfb11916cc (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT4AF72TJ2XNIKCR4WEBR7URBJJ4YZRD/)
https://security.netapp.com/advisory/ntap-20200724-0004/
USN-4428-1 (https://usn.ubuntu.com/4428-1/)
FEDORA-2020-c3b07cc5c9 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3TALOUBYU2MQD4BPLRTDQUMBKGCAXUA/)
FEDORA-2020-bb919e575e (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE4O3PNDNNOMSKHNUKZKD3NGHIFUFDPX/)
FEDORA-2020-1ddd5273d6 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YILCHHTNLH4GG4GSQBX2MZRKZBXOLCKE/)
FEDORA-2020-87c0a0a52d (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTBKKOLFFNHG6CM4ACDX4APHSD5ZX5N4/)
FEDORA-2020-efb908b6a8 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CNHPQGSP2YM3JAUD2VAMPXTIUQTZ2M2U/)
FEDORA-2020-d808fdd597 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V53P2YOLEQH4J7S5QHXMKMZYFTVVMTMO/)
FEDORA-2020-982b2950db (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CTUNTBJ3POHONQOTLEZC46POCIYYTAKZ/)
FEDORA-2020-c539babb0a (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36XI3EEQNMHGOZEI63Y7UV6XZRELYEAU/)
FEDORA-2020-d30881c970 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/)
[debian-lts-announce] 20230515 [SECURITY] [DLA 3424-1] python-ipaddress security update (https://lists.debian.org/debian-lts-announce/2023/05/msg00016.html)
Miscellaneous
https://bugs.python.org/issue41004
https://github.com/python/cpython/pull/20956
https://www.oracle.com/security-alerts/cpujan2021.html

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis