{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-4032", "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22", "state": "PUBLISHED", "assignerShortName": "PSF", "dateReserved": "2024-04-22T17:15:47.895Z", "datePublished": "2024-06-17T15:05:58.827Z", "dateUpdated": "2024-09-17T15:55:55.506Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CPython", "repo": "https://github.com/python/cpython", "vendor": "Python Software Foundation", "versions": [{"version": "0", "lessThan": "3.8.20", "status": "affected", "versionType": "python"}, {"version": "3.9.0", "lessThan": "3.9.20", "status": "affected", "versionType": "python"}, {"version": "3.10.0", "lessThan": "3.10.15", "status": "affected", "versionType": "python"}, {"version": "3.11.0", "lessThan": "3.11.10", "status": "affected", "versionType": "python"}, {"version": "3.12.0", "lessThan": "3.12.4", "status": "affected", "versionType": "python"}, {"version": "3.13.0a1", "lessThan": "3.13.0a6", "status": "affected", "versionType": "python"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p><span style=\"background-color: transparent;\">The \u201cipaddress\u201d module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn\u2019t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.</span></p><p><span style=\"background-color: transparent;\">CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.</span></p>"}], "value": "The \u201cipaddress\u201d module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn\u2019t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.\n\nCPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior."}], "providerMetadata": {"orgId": "28c92f92-d60d-412d-b760-e73465c3df22", "shortName": "PSF", "dateUpdated": "2024-09-07T02:44:42.321Z"}, "references": [{"tags": ["issue-tracking"], "url": "https://github.com/python/cpython/issues/113171"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/pull/113179"}, {"url": "https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml"}, {"url": "https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml"}, {"tags": ["vendor-advisory"], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/NRUHDUS2IV2USIZM2CVMSFL6SCKU3RZA/"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/22adf29da8d99933ffed8647d3e0726edd16f7f8"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/40d75c2b7f5c67e254d0a025e0f2e2c7ada7f69f"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/895f7e2ac23eff4743143beef0f0c5ac71ea27d3"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/ba431579efdcbaed7a96f2ac4ea0775879a332fb"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/c62c9e518b784fe44432a3f4fc265fb95b651906"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/f86b17ac511e68192ba71f27e752321a3252cee3"}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/17/3"}, {"url": "https://security.netapp.com/advisory/ntap-20240726-0004/"}], "source": {"discovery": "UNKNOWN"}, "title": "Incorrect IPv4 and IPv6 private ranges", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:26:57.360Z"}, "title": "CVE Program Container", "references": [{"tags": ["issue-tracking", "x_transferred"], "url": "https://github.com/python/cpython/issues/113171"}, {"tags": ["patch", "x_transferred"], "url": "https://github.com/python/cpython/pull/113179"}, {"url": "https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml", "tags": ["x_transferred"]}, {"url": "https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml", "tags": ["x_transferred"]}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/NRUHDUS2IV2USIZM2CVMSFL6SCKU3RZA/"}, {"tags": ["patch", "x_transferred"], "url": "https://github.com/python/cpython/commit/22adf29da8d99933ffed8647d3e0726edd16f7f8"}, {"tags": ["patch", "x_transferred"], "url": "https://github.com/python/cpython/commit/40d75c2b7f5c67e254d0a025e0f2e2c7ada7f69f"}, {"tags": ["patch", "x_transferred"], "url": "https://github.com/python/cpython/commit/895f7e2ac23eff4743143beef0f0c5ac71ea27d3"}, {"tags": ["patch", "x_transferred"], "url": "https://github.com/python/cpython/commit/ba431579efdcbaed7a96f2ac4ea0775879a332fb"}, {"tags": ["patch", "x_transferred"], "url": "https://github.com/python/cpython/commit/c62c9e518b784fe44432a3f4fc265fb95b651906"}, {"tags": ["patch", "x_transferred"], "url": "https://github.com/python/cpython/commit/f86b17ac511e68192ba71f27e752321a3252cee3"}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/17/3", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240726-0004/", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-697", "lang": "en", "description": "CWE-697 Incorrect Comparison"}]}], "affected": [{"vendor": "python", "product": "cpython", "cpes": ["cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.12.4", "versionType": "custom"}, {"version": "3.13.0a1", "status": "affected", "lessThan": "3.13.0a6", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-08T18:21:11.207929Z", "id": "CVE-2024-4032", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-17T15:55:55.506Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/python/cpython/issues/113171", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://github.com/python/cpython/pull/113179", "tags": ["patch", "x_transferred"]}, {"url": "https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml", "tags": ["x_transferred"]}, {"url": "https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml", "tags": ["x_transferred"]}, {"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/NRUHDUS2IV2USIZM2CVMSFL6SCKU3RZA/", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://github.com/python/cpython/commit/22adf29da8d99933ffed8647d3e0726edd16f7f8", "tags": ["patch", "x_transferred"]}, {"url": "https://github.com/python/cpython/commit/40d75c2b7f5c67e254d0a025e0f2e2c7ada7f69f", "tags": ["patch", "x_transferred"]}, {"url": "https://github.com/python/cpython/commit/895f7e2ac23eff4743143beef0f0c5ac71ea27d3", "tags": ["patch", "x_transferred"]}, {"url": "https://github.com/python/cpython/commit/ba431579efdcbaed7a96f2ac4ea0775879a332fb", "tags": ["patch", "x_transferred"]}, {"url": "https://github.com/python/cpython/commit/c62c9e518b784fe44432a3f4fc265fb95b651906", "tags": ["patch", "x_transferred"]}, {"url": "https://github.com/python/cpython/commit/f86b17ac511e68192ba71f27e752321a3252cee3", "tags": ["patch", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/17/3", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240726-0004/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:26:57.360Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-4032", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-08T18:21:11.207929Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*"], "vendor": "python", "product": "cpython", "versions": [{"status": "affected", "version": "0", "lessThan": "3.12.4", "versionType": "custom"}, {"status": "affected", "version": "3.13.0a1", "lessThan": "3.13.0a6", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-697", "description": "CWE-697 Incorrect Comparison"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-13T19:39:05.396Z"}}], "cna": {"title": "Incorrect IPv4 and IPv6 private ranges", "source": {"discovery": "UNKNOWN"}, "affected": [{"repo": "https://github.com/python/cpython", "vendor": "Python Software Foundation", "product": "CPython", "versions": [{"status": "affected", "version": "0", "lessThan": "3.8.20", "versionType": "python"}, {"status": "affected", "version": "3.9.0", "lessThan": "3.9.20", "versionType": "python"}, {"status": "affected", "version": "3.10.0", "lessThan": "3.10.15", "versionType": "python"}, {"status": "affected", "version": "3.11.0", "lessThan": "3.11.10", "versionType": "python"}, {"status": "affected", "version": "3.12.0", "lessThan": "3.12.4", "versionType": "python"}, {"status": "affected", "version": "3.13.0a1", "lessThan": "3.13.0a6", "versionType": "python"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/python/cpython/issues/113171", "tags": ["issue-tracking"]}, {"url": "https://github.com/python/cpython/pull/113179", "tags": ["patch"]}, {"url": "https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml"}, {"url": "https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml"}, {"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/NRUHDUS2IV2USIZM2CVMSFL6SCKU3RZA/", "tags": ["vendor-advisory"]}, {"url": "https://github.com/python/cpython/commit/22adf29da8d99933ffed8647d3e0726edd16f7f8", "tags": ["patch"]}, {"url": "https://github.com/python/cpython/commit/40d75c2b7f5c67e254d0a025e0f2e2c7ada7f69f", "tags": ["patch"]}, {"url": "https://github.com/python/cpython/commit/895f7e2ac23eff4743143beef0f0c5ac71ea27d3", "tags": ["patch"]}, {"url": "https://github.com/python/cpython/commit/ba431579efdcbaed7a96f2ac4ea0775879a332fb", "tags": ["patch"]}, {"url": "https://github.com/python/cpython/commit/c62c9e518b784fe44432a3f4fc265fb95b651906", "tags": ["patch"]}, {"url": "https://github.com/python/cpython/commit/f86b17ac511e68192ba71f27e752321a3252cee3", "tags": ["patch"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/17/3"}, {"url": "https://security.netapp.com/advisory/ntap-20240726-0004/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The \u201cipaddress\u201d module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn\u2019t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.\n\nCPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.", "supportingMedia": [{"type": "text/html", "value": "<p><span style=\"background-color: transparent;\">The \u201cipaddress\u201d module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn\u2019t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.</span></p><p><span style=\"background-color: transparent;\">CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.</span></p>", "base64": false}]}], "providerMetadata": {"orgId": "28c92f92-d60d-412d-b760-e73465c3df22", "shortName": "PSF", "dateUpdated": "2024-09-07T02:44:42.321Z"}}}, "cveMetadata": {"cveId": "CVE-2024-4032", "state": "PUBLISHED", "dateUpdated": "2024-09-17T15:55:55.506Z", "dateReserved": "2024-04-22T17:15:47.895Z", "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22", "datePublished": "2024-06-17T15:05:58.827Z", "assignerShortName": "PSF"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "The \u201cipaddress\u201d module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn\u2019t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.\n\nCPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior."}, {"lang": "es", "value": "El m\u00f3dulo \"ipaddress\" conten\u00eda informaci\u00f3n incorrecta sobre si ciertas direcciones IPv4 e IPv6 estaban designadas como \"accesibles globalmente\" o \"privadas\". Esto afect\u00f3 las propiedades is_private e is_global de las clases ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address y ipaddress.IPv6Network, donde los valores no se devolver\u00edan de acuerdo con la informaci\u00f3n m\u00e1s reciente de los Registros de direcciones de prop\u00f3sito especial de la IANA. CPython 3.12.4 y 3.13.0a6 contienen informaci\u00f3n actualizada de estos registros y, por lo tanto, tienen el comportamiento previsto."}], "id": "CVE-2024-4032", "lastModified": "2024-11-21T09:42:03.990", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-06-17T15:15:52.517", "references": [{"source": "cna@python.org", "url": "http://www.openwall.com/lists/oss-security/2024/06/17/3"}, {"source": "cna@python.org", "url": "https://github.com/python/cpython/commit/22adf29da8d99933ffed8647d3e0726edd16f7f8"}, {"source": "cna@python.org", "url": "https://github.com/python/cpython/commit/40d75c2b7f5c67e254d0a025e0f2e2c7ada7f69f"}, {"source": "cna@python.org", "url": "https://github.com/python/cpython/commit/895f7e2ac23eff4743143beef0f0c5ac71ea27d3"}, {"source": "cna@python.org", "url": "https://github.com/python/cpython/commit/ba431579efdcbaed7a96f2ac4ea0775879a332fb"}, {"source": "cna@python.org", "url": "https://github.com/python/cpython/commit/c62c9e518b784fe44432a3f4fc265fb95b651906"}, {"source": "cna@python.org", "url": "https://github.com/python/cpython/commit/f86b17ac511e68192ba71f27e752321a3252cee3"}, {"source": "cna@python.org", "url": "https://github.com/python/cpython/issues/113171"}, {"source": "cna@python.org", "url": "https://github.com/python/cpython/pull/113179"}, {"source": "cna@python.org", "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/NRUHDUS2IV2USIZM2CVMSFL6SCKU3RZA/"}, {"source": "cna@python.org", "url": "https://security.netapp.com/advisory/ntap-20240726-0004/"}, {"source": "cna@python.org", "url": "https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml"}, {"source": "cna@python.org", "url": "https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/06/17/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/python/cpython/commit/22adf29da8d99933ffed8647d3e0726edd16f7f8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/python/cpython/commit/40d75c2b7f5c67e254d0a025e0f2e2c7ada7f69f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/python/cpython/commit/895f7e2ac23eff4743143beef0f0c5ac71ea27d3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/python/cpython/commit/ba431579efdcbaed7a96f2ac4ea0775879a332fb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/python/cpython/commit/c62c9e518b784fe44432a3f4fc265fb95b651906"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/python/cpython/commit/f86b17ac511e68192ba71f27e752321a3252cee3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/python/cpython/issues/113171"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/python/cpython/pull/113179"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/NRUHDUS2IV2USIZM2CVMSFL6SCKU3RZA/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240726-0004/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml"}], "sourceIdentifier": "cna@python.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-697"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:5962", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python39:3.9-8100020240826142629.d47b87a4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-28T00:00:00Z"}, {"advisory": "RHSA-2024:5962", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python39-devel:3.9-8100020240826142629.d47b87a4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-28T00:00:00Z"}, {"advisory": "RHSA-2024:6961", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python3.12-0:3.12.5-2.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:6962", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python3.11-0:3.11.9-7.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:6975", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python3-0:3.6.8-67.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:6975", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "python3-0:3.6.8-67.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:7417", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "python3-0:3.6.8-47.el8_6.7", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-10-01T00:00:00Z"}, {"advisory": "RHSA-2024:7417", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "python3-0:3.6.8-47.el8_6.7", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-10-01T00:00:00Z"}, {"advisory": "RHSA-2024:7417", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "python3-0:3.6.8-47.el8_6.7", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-10-01T00:00:00Z"}, {"advisory": "RHSA-2024:6030", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "python3-0:3.6.8-51.el8_8.7", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2024:4766", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "python3.11-0:3.11.7-1.el9_4.3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-07-23T00:00:00Z"}, {"advisory": "RHSA-2024:4779", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "python3.9-0:3.9.18-3.el9_4.3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-07-23T00:00:00Z"}, {"advisory": "RHSA-2024:9190", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "python3.12-0:3.12.5-2.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:4779", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "python3.9-0:3.9.18-3.el9_4.3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-07-23T00:00:00Z"}], "bugzilla": {"description": "python: incorrect IPv4 and IPv6 private ranges", "id": "2292921", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292921"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-440", "details": ["The \u201cipaddress\u201d module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn\u2019t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.\nCPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.", "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries."], "name": "CVE-2024-4032", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "python", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "python", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "python3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python36:3.6/python36", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2024-06-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-4032\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-4032"], "threat_severity": "Low", "upstream_fix": "CPython 3.12.4, CPython 3.13.0a6"}