Lucene search

K
nvd[email protected]NVD:CVE-2020-14422
HistoryJun 18, 2020 - 2:15 p.m.

CVE-2020-14422

2020-06-1814:15:11
CWE-682
CWE-330
web.nvd.nist.gov
8
cve-2020-14422
python
ip address
hash computation
vulnerability
denial of service
remote attacker
dictionary
performance
fix
v3.5.10
v3.6.12
v3.7.9
v3.8.4
v3.8.5
v3.8.6
v3.9.0

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.01

Percentile

83.7%

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.

Affected configurations

Nvd
Node
pythonpythonRange3.0.03.5.10
OR
pythonpythonRange3.6.03.6.12
OR
pythonpythonRange3.7.03.7.9
OR
pythonpythonRange3.8.03.8.4
OR
opensuseleapMatch15.1
OR
opensuseleapMatch15.2
Node
fedoraprojectfedoraMatch31
OR
fedoraprojectfedoraMatch32
Node
oracleenterprise_manager_ops_centerMatch12.4.0.0
VendorProductVersionCPE
pythonpython*cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
opensuseleap15.1cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
opensuseleap15.2cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
fedoraprojectfedora31cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
fedoraprojectfedora32cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
oracleenterprise_manager_ops_center12.4.0.0cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*

References

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.01

Percentile

83.7%