PT-2020-5471 · Python+10
Published: 2020-06-17 · Updated: 2026-05-18
CVE-2020-14422
CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Python versions prior to 3.5.10
Python versions prior to 3.6.12
Python versions prior to 3.7.9
Python versions prior to 3.8.4
Python versions prior to 3.9.0
Description
The IPv4Interface and IPv6Interface classes in Python's Lib/ipaddress.py module compute their hash values improperly. A remote attacker can cause a denial of service when an application's performance depends on a dictionary containing IPv4Interface or IPv6Interface objects and the attacker can cause many dictionary entries to be created.
Recommendations
For versions prior to 3.5.10, update to version 3.5.10 or later.
For versions prior to 3.6.12, update to version 3.6.12 or later.
For versions prior to 3.7.9, update to version 3.7.9 or later.
For versions prior to 3.8.4, update to version 3.8.4 or later.
For versions prior to 3.9.0, update to version 3.9.0 or later.
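To confirm that a given interpreter carries the fix, a behavioural check is more reliable than reading the version string. The following is an added example, not code from this advisory or from CPython; the function names, the constructed sample addresses and the 0.9 threshold are assumptions made for illustration.

```python
import ipaddress

# Constructed sample inputs: one host address in each of 256 distinct networks.
# 10.0.0.0/8 is private space and 2001:db8::/32 is documentation space.
def sample_v4(count=256):
    return [ipaddress.IPv4Interface("10.{}.{}.1/24".format(i // 256, i % 256))
            for i in range(count)]


def sample_v6(count=256):
    return [ipaddress.IPv6Interface("2001:db8:{:x}::1/64".format(i))
            for i in range(count)]


def hash_spread(interfaces):
    """Return distinct hash values divided by distinct objects (1.0 is ideal)."""
    distinct_objects = len(set(map(str, interfaces)))
    distinct_hashes = len({hash(i) for i in interfaces})
    return distinct_hashes / distinct_objects


def interpreter_looks_fixed(threshold=0.9):
    """True when both interface classes spread their hashes across the sample.

    threshold is an assumed cut-off for this example, not a value from the
    advisory: a sound hash gives a spread of about 1.0, while a hash that
    collapses the sample into a few values gives a spread close to 0.
    """
    return all(hash_spread(s) >= threshold for s in (sample_v4(), sample_v6()))


if __name__ == "__main__":
    for name, sample in (("IPv4Interface", sample_v4()),
                         ("IPv6Interface", sample_v6())):
        print("{}: hash spread {:.3f}".format(name, hash_spread(sample)))
    print("fixed" if interpreter_looks_fixed() else "AFFECTED: update Python")
```

Distribution packages may ship the fix as a backport under an older version string, so this checks the interpreter's behaviour rather than `sys.version_info`. The code avoids f-strings so that it also runs on the 3.5 branch.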
Fix
DoS
Use of Insufficiently Random Values
Resource Exhaustion
Related Identifiers
Affected Products
ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
Linux Mint
Python
Red Hat
Rocky Linux
SUSE
Ubuntu