CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
17.6%
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries. CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 11 | all | python2.7 | < 2.7.18-8+deb11u1 | python2.7_2.7.18-8+deb11u1_all.deb |
Debian | 12 | all | python3.11 | < 3.11.2-6+deb12u3 | python3.11_3.11.2-6+deb12u3_all.deb |
Debian | 999 | all | python3.12 | < 3.12.4-1 | python3.12_3.12.4-1_all.deb |
Debian | 13 | all | python3.12 | < 3.12.4-1 | python3.12_3.12.4-1_all.deb |
Debian | 999 | all | python3.13 | < 3.13.0~rc2-1 | python3.13_3.13.0~rc2-1_all.deb |
Debian | 13 | all | python3.13 | < 3.13.0~rc2-1 | python3.13_3.13.0~rc2-1_all.deb |
Debian | 11 | all | python3.9 | <= 3.9.2-1 | python3.9_3.9.2-1_all.deb |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
17.6%