CVE-2021-29921

Published: May 6, 2021Modified: Nov 3, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.

Affected (8)

Products: Python: Python · Oracle: Communications Cloud Native Core Automated Test Suite, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Slice Selection Function, Graalvm, Zfs Storage Appliance Kit

1 product

5 products

Communications Cloud Native Core Automated Test Suite

Communications Cloud Native Core Binding Support Function

Communications Cloud Native Core Network Slice Selection Function

Zfs Storage Appliance Kit

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Python Python	From 3.8.0 to 3.8.12
Python Python	From 3.9.0 to 3.9.5

Configuration B

6 vulnerable

Vulnerable Software	Affected Versions
Oracle Communications Cloud Native Core Automated Test Suite	Version 1.8.0
Oracle Communications Cloud Native Core Binding Support Function	Version 1.11.0
Oracle Communications Cloud Native Core Network Slice Selection Function	Version 1.8.0
Oracle Graalvm	Version 20.3.2
Oracle Graalvm	Version 21.1.0
Oracle Zfs Storage Appliance Kit	Version 8.8

References (33)

https://bugs.python.org/issue36384

Source: cve@mitre.org

Issue TrackingPatchVendor Advisory

https://docs.python.org/3/library/ipaddress.html

Source: cve@mitre.org

Vendor Advisory

https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst

Source: cve@mitre.org

Third Party Advisory

https://github.com/python/cpython/pull/12577

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/python/cpython/pull/25099

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/sickcodes

Source: cve@mitre.org

Third Party Advisory

https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html

Source: cve@mitre.org

Vendor Advisory

https://security.gentoo.org/glsa/202305-02

Source: cve@mitre.org

https://security.netapp.com/advisory/ntap-20210622-0003/

Source: cve@mitre.org

Third Party Advisory

https://sick.codes/sick-2021-014

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.oracle.com//security-alerts/cpujul2021.html

Source: cve@mitre.org

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

Source: cve@mitre.org

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpujan2022.html

Source: cve@mitre.org

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Source: cve@mitre.org

https://www.oracle.com/security-alerts/cpuoct2021.html

Source: cve@mitre.org

PatchThird Party Advisory

https://bugs.python.org/issue36384

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchVendor Advisory

https://docs.python.org/3/library/ipaddress.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/python/cpython/pull/12577

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/python/cpython/pull/25099

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/sickcodes

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://security.gentoo.org/glsa/202305-02

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20210622-0003/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://sick.codes/sick-2021-014

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.oracle.com//security-alerts/cpujul2021.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpujan2022.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.oracle.com/security-alerts/cpuoct2021.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.