CVE - CVE-2024-4032

CVE-ID
CVE-2024-4032	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries. CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://github.com/python/cpython/commit/22adf29da8d99933ffed8647d3e0726edd16f7f8 URL:https://github.com/python/cpython/commit/22adf29da8d99933ffed8647d3e0726edd16f7f8 MISC:https://github.com/python/cpython/commit/40d75c2b7f5c67e254d0a025e0f2e2c7ada7f69f URL:https://github.com/python/cpython/commit/40d75c2b7f5c67e254d0a025e0f2e2c7ada7f69f MISC:https://github.com/python/cpython/commit/895f7e2ac23eff4743143beef0f0c5ac71ea27d3 URL:https://github.com/python/cpython/commit/895f7e2ac23eff4743143beef0f0c5ac71ea27d3 MISC:https://github.com/python/cpython/commit/ba431579efdcbaed7a96f2ac4ea0775879a332fb URL:https://github.com/python/cpython/commit/ba431579efdcbaed7a96f2ac4ea0775879a332fb MISC:https://github.com/python/cpython/commit/c62c9e518b784fe44432a3f4fc265fb95b651906 URL:https://github.com/python/cpython/commit/c62c9e518b784fe44432a3f4fc265fb95b651906 MISC:https://github.com/python/cpython/commit/f86b17ac511e68192ba71f27e752321a3252cee3 URL:https://github.com/python/cpython/commit/f86b17ac511e68192ba71f27e752321a3252cee3 MISC:https://github.com/python/cpython/issues/113171 URL:https://github.com/python/cpython/issues/113171 MISC:https://github.com/python/cpython/pull/113179 URL:https://github.com/python/cpython/pull/113179 MISC:https://mail.python.org/archives/list/security-announce@python.org/thread/NRUHDUS2IV2USIZM2CVMSFL6SCKU3RZA/ URL:https://mail.python.org/archives/list/security-announce@python.org/thread/NRUHDUS2IV2USIZM2CVMSFL6SCKU3RZA/ MISC:https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml URL:https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml MISC:https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml URL:https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml MLIST:[oss-security] 20240617 Fwd: [Security-announce][CVE-2024-4032] Incorrect IPv4 and IPv6 private ranges URL:http://www.openwall.com/lists/oss-security/2024/06/17/3
Assigning CNA
Python Software Foundation
Date Record Created
20240422	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240422)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.