CVE-2021-29921

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-29921
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29921.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-29921
Aliases
Related
Published
2021-05-06T13:15:12Z
Modified
2024-09-18T03:16:09.641158Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.

References

Affected packages

Alpine:v3.15 / python3

Package

Name
python3
Purl
pkg:apk/alpine/python3?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.5-r0

Affected versions

3.*

3.1.3-r0
3.2.0-r0
3.2.3-r0
3.3.0-r0
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.4.1-r0
3.4.2-r0
3.4.2-r1
3.4.3-r1
3.4.3-r2
3.5.0-r0
3.5.1-r0
3.5.1-r1
3.5.1-r2
3.5.1-r3
3.5.2-r0
3.5.2-r1
3.5.2-r2
3.5.2-r3
3.5.2-r4
3.5.2-r5
3.5.2-r6
3.5.2-r7
3.5.2-r8
3.5.2-r9
3.5.2-r10
3.6.0-r0
3.6.1-r0
3.6.1-r1
3.6.1-r2
3.6.1-r3
3.6.1-r4
3.6.2-r0
3.6.2-r1
3.6.2-r2
3.6.2-r3
3.6.3-r3
3.6.3-r4
3.6.3-r5
3.6.3-r6
3.6.3-r7
3.6.3-r8
3.6.3-r9
3.6.4-r0
3.6.4-r1
3.6.6-r0
3.6.6-r1
3.6.6-r2
3.6.6-r3
3.6.7-r0
3.6.8-r0
3.6.8-r1
3.6.8-r2
3.7.2-r0
3.7.3-r0
3.7.3-r1
3.7.4-r0
3.7.5-r0
3.7.5-r1
3.8.0-r0
3.8.1-r0
3.8.1-r1
3.8.1-r2
3.8.1-r3
3.8.2-r0
3.8.2-r1
3.8.2-r2
3.8.2-r3
3.8.2-r4
3.8.2-r5
3.8.2-r6
3.8.2-r7
3.8.3-r0
3.8.4-r0
3.8.5-r0
3.8.5-r1
3.8.5-r2
3.8.6-r0
3.8.7-r0
3.8.7-r1
3.8.7-r2
3.8.7-r3
3.8.8-r0
3.9.1-r0
3.9.2-r0
3.9.4-r0

Alpine:v3.16 / python3

Package

Name
python3
Purl
pkg:apk/alpine/python3?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.5-r0

Affected versions

3.*

3.1.3-r0
3.2.0-r0
3.2.3-r0
3.3.0-r0
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.4.1-r0
3.4.2-r0
3.4.2-r1
3.4.3-r1
3.4.3-r2
3.5.0-r0
3.5.1-r0
3.5.1-r1
3.5.1-r2
3.5.1-r3
3.5.2-r0
3.5.2-r1
3.5.2-r2
3.5.2-r3
3.5.2-r4
3.5.2-r5
3.5.2-r6
3.5.2-r7
3.5.2-r8
3.5.2-r9
3.5.2-r10
3.6.0-r0
3.6.1-r0
3.6.1-r1
3.6.1-r2
3.6.1-r3
3.6.1-r4
3.6.2-r0
3.6.2-r1
3.6.2-r2
3.6.2-r3
3.6.3-r3
3.6.3-r4
3.6.3-r5
3.6.3-r6
3.6.3-r7
3.6.3-r8
3.6.3-r9
3.6.4-r0
3.6.4-r1
3.6.6-r0
3.6.6-r1
3.6.6-r2
3.6.6-r3
3.6.7-r0
3.6.8-r0
3.6.8-r1
3.6.8-r2
3.7.2-r0
3.7.3-r0
3.7.3-r1
3.7.4-r0
3.7.5-r0
3.7.5-r1
3.8.0-r0
3.8.1-r0
3.8.1-r1
3.8.1-r2
3.8.1-r3
3.8.2-r0
3.8.2-r1
3.8.2-r2
3.8.2-r3
3.8.2-r4
3.8.2-r5
3.8.2-r6
3.8.2-r7
3.8.3-r0
3.8.4-r0
3.8.5-r0
3.8.5-r1
3.8.5-r2
3.8.6-r0
3.8.7-r0
3.8.7-r1
3.8.7-r2
3.8.7-r3
3.8.8-r0
3.9.1-r0
3.9.2-r0
3.9.4-r0

Alpine:v3.17 / python3

Package

Name
python3
Purl
pkg:apk/alpine/python3?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.5-r0

Affected versions

3.*

3.1.3-r0
3.2.0-r0
3.2.3-r0
3.3.0-r0
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.4.1-r0
3.4.2-r0
3.4.2-r1
3.4.3-r1
3.4.3-r2
3.5.0-r0
3.5.1-r0
3.5.1-r1
3.5.1-r2
3.5.1-r3
3.5.2-r0
3.5.2-r1
3.5.2-r2
3.5.2-r3
3.5.2-r4
3.5.2-r5
3.5.2-r6
3.5.2-r7
3.5.2-r8
3.5.2-r9
3.5.2-r10
3.6.0-r0
3.6.1-r0
3.6.1-r1
3.6.1-r2
3.6.1-r3
3.6.1-r4
3.6.2-r0
3.6.2-r1
3.6.2-r2
3.6.2-r3
3.6.3-r3
3.6.3-r4
3.6.3-r5
3.6.3-r6
3.6.3-r7
3.6.3-r8
3.6.3-r9
3.6.4-r0
3.6.4-r1
3.6.6-r0
3.6.6-r1
3.6.6-r2
3.6.6-r3
3.6.7-r0
3.6.8-r0
3.6.8-r1
3.6.8-r2
3.7.2-r0
3.7.3-r0
3.7.3-r1
3.7.4-r0
3.7.5-r0
3.7.5-r1
3.8.0-r0
3.8.1-r0
3.8.1-r1
3.8.1-r2
3.8.1-r3
3.8.2-r0
3.8.2-r1
3.8.2-r2
3.8.2-r3
3.8.2-r4
3.8.2-r5
3.8.2-r6
3.8.2-r7
3.8.3-r0
3.8.4-r0
3.8.5-r0
3.8.5-r1
3.8.5-r2
3.8.6-r0
3.8.7-r0
3.8.7-r1
3.8.7-r2
3.8.7-r3
3.8.8-r0
3.9.1-r0
3.9.2-r0
3.9.4-r0

Alpine:v3.18 / python3

Package

Name
python3
Purl
pkg:apk/alpine/python3?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.5-r0

Affected versions

3.*

3.1.3-r0
3.2.0-r0
3.2.3-r0
3.3.0-r0
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.4.1-r0
3.4.2-r0
3.4.2-r1
3.4.3-r1
3.4.3-r2
3.5.0-r0
3.5.1-r0
3.5.1-r1
3.5.1-r2
3.5.1-r3
3.5.2-r0
3.5.2-r1
3.5.2-r2
3.5.2-r3
3.5.2-r4
3.5.2-r5
3.5.2-r6
3.5.2-r7
3.5.2-r8
3.5.2-r9
3.5.2-r10
3.6.0-r0
3.6.1-r0
3.6.1-r1
3.6.1-r2
3.6.1-r3
3.6.1-r4
3.6.2-r0
3.6.2-r1
3.6.2-r2
3.6.2-r3
3.6.3-r3
3.6.3-r4
3.6.3-r5
3.6.3-r6
3.6.3-r7
3.6.3-r8
3.6.3-r9
3.6.4-r0
3.6.4-r1
3.6.6-r0
3.6.6-r1
3.6.6-r2
3.6.6-r3
3.6.7-r0
3.6.8-r0
3.6.8-r1
3.6.8-r2
3.7.2-r0
3.7.3-r0
3.7.3-r1
3.7.4-r0
3.7.5-r0
3.7.5-r1
3.8.0-r0
3.8.1-r0
3.8.1-r1
3.8.1-r2
3.8.1-r3
3.8.2-r0
3.8.2-r1
3.8.2-r2
3.8.2-r3
3.8.2-r4
3.8.2-r5
3.8.2-r6
3.8.2-r7
3.8.3-r0
3.8.4-r0
3.8.5-r0
3.8.5-r1
3.8.5-r2
3.8.6-r0
3.8.7-r0
3.8.7-r1
3.8.7-r2
3.8.7-r3
3.8.8-r0
3.9.1-r0
3.9.2-r0
3.9.4-r0

Alpine:v3.19 / python3

Package

Name
python3
Purl
pkg:apk/alpine/python3?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.5-r0

Affected versions

3.*

3.1.3-r0
3.2.0-r0
3.2.3-r0
3.3.0-r0
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.4.1-r0
3.4.2-r0
3.4.2-r1
3.4.3-r1
3.4.3-r2
3.5.0-r0
3.5.1-r0
3.5.1-r1
3.5.1-r2
3.5.1-r3
3.5.2-r0
3.5.2-r1
3.5.2-r2
3.5.2-r3
3.5.2-r4
3.5.2-r5
3.5.2-r6
3.5.2-r7
3.5.2-r8
3.5.2-r9
3.5.2-r10
3.6.0-r0
3.6.1-r0
3.6.1-r1
3.6.1-r2
3.6.1-r3
3.6.1-r4
3.6.2-r0
3.6.2-r1
3.6.2-r2
3.6.2-r3
3.6.3-r3
3.6.3-r4
3.6.3-r5
3.6.3-r6
3.6.3-r7
3.6.3-r8
3.6.3-r9
3.6.4-r0
3.6.4-r1
3.6.6-r0
3.6.6-r1
3.6.6-r2
3.6.6-r3
3.6.7-r0
3.6.8-r0
3.6.8-r1
3.6.8-r2
3.7.2-r0
3.7.3-r0
3.7.3-r1
3.7.4-r0
3.7.5-r0
3.7.5-r1
3.8.0-r0
3.8.1-r0
3.8.1-r1
3.8.1-r2
3.8.1-r3
3.8.2-r0
3.8.2-r1
3.8.2-r2
3.8.2-r3
3.8.2-r4
3.8.2-r5
3.8.2-r6
3.8.2-r7
3.8.3-r0
3.8.4-r0
3.8.5-r0
3.8.5-r1
3.8.5-r2
3.8.6-r0
3.8.7-r0
3.8.7-r1
3.8.7-r2
3.8.7-r3
3.8.8-r0
3.9.1-r0
3.9.2-r0
3.9.4-r0

Alpine:v3.20 / python3

Package

Name
python3
Purl
pkg:apk/alpine/python3?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.5-r0

Affected versions

3.*

3.1.3-r0
3.2.0-r0
3.2.3-r0
3.3.0-r0
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.4.1-r0
3.4.2-r0
3.4.2-r1
3.4.3-r1
3.4.3-r2
3.5.0-r0
3.5.1-r0
3.5.1-r1
3.5.1-r2
3.5.1-r3
3.5.2-r0
3.5.2-r1
3.5.2-r2
3.5.2-r3
3.5.2-r4
3.5.2-r5
3.5.2-r6
3.5.2-r7
3.5.2-r8
3.5.2-r9
3.5.2-r10
3.6.0-r0
3.6.1-r0
3.6.1-r1
3.6.1-r2
3.6.1-r3
3.6.1-r4
3.6.2-r0
3.6.2-r1
3.6.2-r2
3.6.2-r3
3.6.3-r3
3.6.3-r4
3.6.3-r5
3.6.3-r6
3.6.3-r7
3.6.3-r8
3.6.3-r9
3.6.4-r0
3.6.4-r1
3.6.6-r0
3.6.6-r1
3.6.6-r2
3.6.6-r3
3.6.7-r0
3.6.8-r0
3.6.8-r1
3.6.8-r2
3.7.2-r0
3.7.3-r0
3.7.3-r1
3.7.4-r0
3.7.5-r0
3.7.5-r1
3.8.0-r0
3.8.1-r0
3.8.1-r1
3.8.1-r2
3.8.1-r3
3.8.2-r0
3.8.2-r1
3.8.2-r2
3.8.2-r3
3.8.2-r4
3.8.2-r5
3.8.2-r6
3.8.2-r7
3.8.3-r0
3.8.4-r0
3.8.5-r0
3.8.5-r1
3.8.5-r2
3.8.6-r0
3.8.7-r0
3.8.7-r1
3.8.7-r2
3.8.7-r3
3.8.8-r0
3.9.1-r0
3.9.2-r0
3.9.4-r0

Debian:12 / pypy3

Package

Name
pypy3
Purl
pkg:deb/debian/pypy3?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.3.8+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / pypy3

Package

Name
pypy3
Purl
pkg:deb/debian/pypy3?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.3.8+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / python3.9

Package

Name
python3.9
Purl
pkg:deb/debian/python3.9?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.9.2-1
3.9.3-1
3.9.3-2
3.9.4-1
3.9.5-1
3.9.5-2
3.9.5-3
3.9.6-1
3.9.7-1
3.9.7-2
3.9.7-4
3.9.8-1
3.9.8-2
3.9.9-1
3.9.9-2
3.9.9-3
3.9.9-4
3.9.10-1
3.9.10-2
3.9.11-1
3.9.12-1
3.9.13-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/python/cpython

Affected ranges

Type
GIT
Repo
https://github.com/python/cpython
Events

Affected versions

v3.*

v3.9.0
v3.9.1
v3.9.1rc1
v3.9.2
v3.9.2rc1
v3.9.3
v3.9.4