{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-14422", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-04T12:46:34.369Z", "dateReserved": "2020-06-18T00:00:00", "datePublished": "2020-06-18T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-05-16T00:00:00"}, "descriptions": [{"lang": "en", "value": "Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://bugs.python.org/issue41004"}, {"url": "https://github.com/python/cpython/pull/20956"}, {"name": "openSUSE-SU-2020:0931", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00003.html"}, {"name": "openSUSE-SU-2020:0940", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00006.html"}, {"name": "[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html"}, {"name": "FEDORA-2020-b513391ca8", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X36Y523UAZY5QFXZAAORNFY63HLBWX7N/"}, {"name": "FEDORA-2020-705c6ea5be", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCCZTAYZATTNSNEAXWA7U3HCO2OVQKT5/"}, {"name": "openSUSE-SU-2020:0989", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00032.html"}, {"name": "openSUSE-SU-2020:1002", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00041.html"}, {"name": "FEDORA-2020-dfb11916cc", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT4AF72TJ2XNIKCR4WEBR7URBJJ4YZRD/"}, {"name": "USN-4428-1", "tags": ["vendor-advisory"], "url": "https://usn.ubuntu.com/4428-1/"}, {"name": "FEDORA-2020-c3b07cc5c9", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3TALOUBYU2MQD4BPLRTDQUMBKGCAXUA/"}, {"name": "FEDORA-2020-bb919e575e", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE4O3PNDNNOMSKHNUKZKD3NGHIFUFDPX/"}, {"name": "GLSA-202008-01", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202008-01"}, {"name": "FEDORA-2020-1ddd5273d6", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILCHHTNLH4GG4GSQBX2MZRKZBXOLCKE/"}, {"name": "FEDORA-2020-87c0a0a52d", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTBKKOLFFNHG6CM4ACDX4APHSD5ZX5N4/"}, {"name": "FEDORA-2020-efb908b6a8", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNHPQGSP2YM3JAUD2VAMPXTIUQTZ2M2U/"}, {"name": "FEDORA-2020-d808fdd597", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V53P2YOLEQH4J7S5QHXMKMZYFTVVMTMO/"}, {"name": "FEDORA-2020-982b2950db", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CTUNTBJ3POHONQOTLEZC46POCIYYTAKZ/"}, {"name": "FEDORA-2020-c539babb0a", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36XI3EEQNMHGOZEI63Y7UV6XZRELYEAU/"}, {"name": "FEDORA-2020-d30881c970", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/"}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"url": "https://security.netapp.com/advisory/ntap-20200724-0004/"}, {"name": "[debian-lts-announce] 20230515 [SECURITY] [DLA 3424-1] python-ipaddress security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00016.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:46:34.369Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugs.python.org/issue41004", "tags": ["x_transferred"]}, {"url": "https://github.com/python/cpython/pull/20956", "tags": ["x_transferred"]}, {"name": "openSUSE-SU-2020:0931", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00003.html"}, {"name": "openSUSE-SU-2020:0940", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00006.html"}, {"name": "[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html"}, {"name": "FEDORA-2020-b513391ca8", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X36Y523UAZY5QFXZAAORNFY63HLBWX7N/"}, {"name": "FEDORA-2020-705c6ea5be", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCCZTAYZATTNSNEAXWA7U3HCO2OVQKT5/"}, {"name": "openSUSE-SU-2020:0989", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00032.html"}, {"name": "openSUSE-SU-2020:1002", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00041.html"}, {"name": "FEDORA-2020-dfb11916cc", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT4AF72TJ2XNIKCR4WEBR7URBJJ4YZRD/"}, {"name": "USN-4428-1", "tags": ["vendor-advisory", "x_transferred"], "url": "https://usn.ubuntu.com/4428-1/"}, {"name": "FEDORA-2020-c3b07cc5c9", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3TALOUBYU2MQD4BPLRTDQUMBKGCAXUA/"}, {"name": "FEDORA-2020-bb919e575e", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE4O3PNDNNOMSKHNUKZKD3NGHIFUFDPX/"}, {"name": "GLSA-202008-01", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202008-01"}, {"name": "FEDORA-2020-1ddd5273d6", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILCHHTNLH4GG4GSQBX2MZRKZBXOLCKE/"}, {"name": "FEDORA-2020-87c0a0a52d", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTBKKOLFFNHG6CM4ACDX4APHSD5ZX5N4/"}, {"name": "FEDORA-2020-efb908b6a8", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNHPQGSP2YM3JAUD2VAMPXTIUQTZ2M2U/"}, {"name": "FEDORA-2020-d808fdd597", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V53P2YOLEQH4J7S5QHXMKMZYFTVVMTMO/"}, {"name": "FEDORA-2020-982b2950db", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CTUNTBJ3POHONQOTLEZC46POCIYYTAKZ/"}, {"name": "FEDORA-2020-c539babb0a", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36XI3EEQNMHGOZEI63Y7UV6XZRELYEAU/"}, {"name": "FEDORA-2020-d30881c970", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/"}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20200724-0004/", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20230515 [SECURITY] [DLA 3424-1] python-ipaddress security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00016.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "0DCA021D-A322-4442-A030-B723D8F8C7E5", "versionEndExcluding": "3.5.10", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "7EB6A6FC-6C82-4543-8DAA-96FF2BACDB5C", "versionEndExcluding": "3.6.12", "versionStartIncluding": "3.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "045171F0-A76D-4385-B2AE-51479B425C45", "versionEndExcluding": "3.7.9", "versionStartIncluding": "3.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9409BD5-670F-4C69-A4D2-ACF9AD8F335B", "versionEndExcluding": "3.8.4", "versionStartIncluding": "3.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B095CC03-7077-4A58-AB25-CC5380CDCE5A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2."}, {"lang": "es", "value": "La biblioteca Lib/ipaddress.py en Python versiones hasta 3.8.3, calcula inapropiadamente los valores de hash en las clases IPv4Interface e IPv6Interface, lo que podr\u00eda permitir a un atacante remoto causar una denegaci\u00f3n de servicio si una aplicaci\u00f3n est\u00e1 afectada por el desempe\u00f1o de un diccionario que contiene objetos de IPv4Interface o IPv6Interface, y este atacante puede causar que muchas entradas de diccionario sean creadas. Esto esta corregido en las versiones: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2"}], "id": "CVE-2020-14422", "lastModified": "2023-11-07T03:17:14.010", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-18T14:15:11.047", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00003.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00006.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00032.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00041.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://bugs.python.org/issue41004"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/python/cpython/pull/20956"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00016.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36XI3EEQNMHGOZEI63Y7UV6XZRELYEAU/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNHPQGSP2YM3JAUD2VAMPXTIUQTZ2M2U/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CTUNTBJ3POHONQOTLEZC46POCIYYTAKZ/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCCZTAYZATTNSNEAXWA7U3HCO2OVQKT5/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE4O3PNDNNOMSKHNUKZKD3NGHIFUFDPX/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTBKKOLFFNHG6CM4ACDX4APHSD5ZX5N4/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3TALOUBYU2MQD4BPLRTDQUMBKGCAXUA/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V53P2YOLEQH4J7S5QHXMKMZYFTVVMTMO/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT4AF72TJ2XNIKCR4WEBR7URBJJ4YZRD/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X36Y523UAZY5QFXZAAORNFY63HLBWX7N/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILCHHTNLH4GG4GSQBX2MZRKZBXOLCKE/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202008-01"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200724-0004/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4428-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-330"}, {"lang": "en", "value": "CWE-682"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:5010", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "python3-0:3.6.8-18.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-11-10T00:00:00Z"}, {"advisory": "RHSA-2020:4433", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python3-0:3.6.8-31.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2020:4641", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python38:3.8-8030020200818121840.4190259b", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2020:4433", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "python3-0:3.6.8-31.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2020:4285", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-python36-python-0:3.6.12-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4285", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-python36-python-pip-0:9.0.1-5.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4285", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-python36-python-virtualenv-0:15.1.0-3.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4285", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python36-python-0:3.6.12-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4285", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python36-python-pip-0:9.0.1-5.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4285", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python36-python-virtualenv-0:15.1.0-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4299", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-0:3.8.6-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4299", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-psutil-0:5.6.4-5.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4299", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-urllib3-0:1.25.7-6.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4285", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python36-python-0:3.6.12-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4285", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python36-python-pip-0:9.0.1-5.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4285", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python36-python-virtualenv-0:15.1.0-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4299", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-0:3.8.6-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4299", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-psutil-0:5.6.4-5.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4299", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-urllib3-0:1.25.7-6.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4285", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python36-python-0:3.6.12-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4285", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python36-python-pip-0:9.0.1-5.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4285", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python36-python-virtualenv-0:15.1.0-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4299", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-0:3.8.6-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4299", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-psutil-0:5.6.4-5.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4299", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-urllib3-0:1.25.7-6.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2020-10-20T00:00:00Z"}], "bugzilla": {"description": "python: DoS via inefficiency in IPv{4,6}Interface classes", "id": "1854926", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1854926"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-400", "details": ["Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.", "A vulnerability was found in the way the ipaddress python module computes hash values in the IPv4Interface and IPv6Interface classes. This flaw allows an attacker to create many dictionary entries, due to the performance of a dictionary containing the IPv4Interface or IPv6Interface objects, possibly resulting in a denial of service. The highest threat from this vulnerability is to system availability."], "mitigation": {"lang": "en:us", "value": "As a short term solution, if your application is using the IPv4Interface/IPv6Interface classes as keys of a dictionary, it is possible to patch the __hash__ method of those classes to not be constant.\n```\nIPv4Interface.__hash__ = lambda self: hash((self._ip, self._prefixlen, int(self.network.network_address)))\nIPv6Interface.__hash__ = lambda self: hash((self._ip, self._prefixlen, int(self.network.network_address)))\n```"}, "name": "CVE-2020-14422", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "python", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "python", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "python-ipaddress", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "python-pip", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "python27:2.7/python2-pip", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "python27:2.7/python-ipaddress", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python36:3.6/python36", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python-pip", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Will not fix", "package_name": "python-ipaddress", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "python27-python-pip", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-python38-python-pip", "product_name": "Red Hat Software Collections"}], "public_date": "2020-06-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-14422\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14422"], "statement": "In Red Hat Enterprise Linux, python3 includes the ipaddress module by default, while for python2 a separate package, python-ipaddress, needs to be installed for the module to be used. Moreover, the ipaddress module is included in other packages as well, like python-pip.", "threat_severity": "Moderate"}