CVE-2024-4032
HIGHCPython ipaddress Module IP Address Classification Flaw
Title source: llmDescription
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries. CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.
References (14)
Core 14
Core References
Various Sources
https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
Various Sources
https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240726-0004/
Issue Tracking issue-tracking
https://github.com/python/cpython/issues/113171
Issue Tracking patch
https://github.com/python/cpython/pull/113179
Various Sources vendor-advisory
https://mail.python.org/archives/list/[email protected]/thread/NRUHDUS2IV2USIZM2CVMSFL6SCKU3RZA/
Scores
CVSS v3
7.5
EPSS
0.0104
EPSS Percentile
59.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-697
Status
published
Products (6)
Python Software Foundation/CPython
< 3.8.20
Python Software Foundation/CPython
3.10.0 - 3.10.15
Python Software Foundation/CPython
3.11.0 - 3.11.10
Python Software Foundation/CPython
3.12.0 - 3.12.4
Python Software Foundation/CPython
3.13.0a1 - 3.13.0a6
Python Software Foundation/CPython
3.9.0 - 3.9.20
Published
Jun 17, 2024
Tracked Since
Feb 18, 2026