CVE - CVE-2020-14422

CVE-ID
CVE-2020-14422	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:https://security.netapp.com/advisory/ntap-20200724-0004/ URL:https://security.netapp.com/advisory/ntap-20200724-0004/ FEDORA:FEDORA-2020-1ddd5273d6 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YILCHHTNLH4GG4GSQBX2MZRKZBXOLCKE/ FEDORA:FEDORA-2020-705c6ea5be URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCCZTAYZATTNSNEAXWA7U3HCO2OVQKT5/ FEDORA:FEDORA-2020-87c0a0a52d URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTBKKOLFFNHG6CM4ACDX4APHSD5ZX5N4/ FEDORA:FEDORA-2020-982b2950db URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CTUNTBJ3POHONQOTLEZC46POCIYYTAKZ/ FEDORA:FEDORA-2020-b513391ca8 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X36Y523UAZY5QFXZAAORNFY63HLBWX7N/ FEDORA:FEDORA-2020-bb919e575e URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE4O3PNDNNOMSKHNUKZKD3NGHIFUFDPX/ FEDORA:FEDORA-2020-c3b07cc5c9 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3TALOUBYU2MQD4BPLRTDQUMBKGCAXUA/ FEDORA:FEDORA-2020-c539babb0a URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36XI3EEQNMHGOZEI63Y7UV6XZRELYEAU/ FEDORA:FEDORA-2020-d30881c970 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/ FEDORA:FEDORA-2020-d808fdd597 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V53P2YOLEQH4J7S5QHXMKMZYFTVVMTMO/ FEDORA:FEDORA-2020-dfb11916cc URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT4AF72TJ2XNIKCR4WEBR7URBJJ4YZRD/ FEDORA:FEDORA-2020-efb908b6a8 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CNHPQGSP2YM3JAUD2VAMPXTIUQTZ2M2U/ GENTOO:GLSA-202008-01 URL:https://security.gentoo.org/glsa/202008-01 MISC:https://bugs.python.org/issue41004 URL:https://bugs.python.org/issue41004 MISC:https://github.com/python/cpython/pull/20956 URL:https://github.com/python/cpython/pull/20956 MISC:https://www.oracle.com/security-alerts/cpujan2021.html URL:https://www.oracle.com/security-alerts/cpujan2021.html MLIST:[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update URL:https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html MLIST:[debian-lts-announce] 20230515 [SECURITY] [DLA 3424-1] python-ipaddress security update URL:https://lists.debian.org/debian-lts-announce/2023/05/msg00016.html SUSE:openSUSE-SU-2020:0931 URL:http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00003.html SUSE:openSUSE-SU-2020:0940 URL:http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00006.html SUSE:openSUSE-SU-2020:0989 URL:http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00032.html SUSE:openSUSE-SU-2020:1002 URL:http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00041.html UBUNTU:USN-4428-1 URL:https://usn.ubuntu.com/4428-1/
Assigning CNA
MITRE Corporation
Date Record Created
20200618	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20200618)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)