CVE-2020-14422

MEDIUM

Python < 3.5.10 - Denial of Service via IPv4Interface and IPv6Interface Hash Calculation

Title source: llm
STIX 2.1

Description

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.

References (24)

Core 24
Core References
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00003.html
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00006.html
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00032.html
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00041.html
Third Party Advisory vendor-advisory
https://usn.ubuntu.com/4428-1/
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202008-01
Issue Tracking, Third Party Advisory
https://github.com/python/cpython/pull/20956

Scores

CVSS v3 5.9
EPSS 0.1271
EPSS Percentile 95.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-682 CWE-330
Status published
Products (6)
fedoraproject/fedora 31
fedoraproject/fedora 32
opensuse/leap 15.1
opensuse/leap 15.2
oracle/enterprise_manager_ops_center 12.4.0.0
python/python 3.0.0 - 3.5.10
Published Jun 18, 2020
Tracked Since Feb 18, 2026