Home

CVE-2020-14422

Description

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.

Risk Information

Base Score
5.9
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.697

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2020-14422,CVE-2021-29921 are fixed in Duo Security Authentication Proxy (5.7.1)Windows
Vulnerabilities CVE-2022-21712,CVE-2020-14422,CVE-2021-29921 are fixed in Duo Security Authentication Proxy (5.7.0)Windows
Vulnerabilities CVE-2022-0778,CVE-2022-21712,CVE-2020-14422,CVE-2021-29921 are fixed in Duo Security Authentication Proxy (5.6.1)Windows
Vulnerabilities CVE-2022-0778,CVE-2022-21712,CVE-2020-14422,CVE-2021-29921 are fixed in Duo Security Authentication Proxy (5.6.0)Windows
Vulnerabilities CVE-2020-14422,CVE-2021-29921,CVE-2022-24801 are fixed in Duo Security Authentication Proxy (5.7.1)Windows
Vulnerabilities CVE-2022-0778,CVE-2022-21712,CVE-2020-14422,CVE-2021-29921 are fixed in Duo Security Authentication Proxy (5.5.1)Windows
Interactive high-level object-oriented language (version 3.8) (USN-4428-1) python2.7_2.7.17-1~18.04ubuntu1.1_i386.debLinux
Interactive high-level object-oriented language (version 3.8) (USN-4428-1) python2.7_2.7.17-1~18.04ubuntu1.1_amd64.debLinux
Interactive high-level object-oriented language (version 3.8) (USN-4428-1) python2.7_2.7.12-1ubuntu0~16.04.12_i386.debLinux
Interactive high-level object-oriented language (version 3.8) (USN-4428-1) python2.7_2.7.12-1ubuntu0~16.04.12_amd64.debLinux
Interactive high-level object-oriented language (version 3.8) (USN-4428-1) python3.5_3.5.2-2ubuntu0~16.04.11_i386.debLinux
Interactive high-level object-oriented language (version 3.8) (USN-4428-1) python3.5_3.5.2-2ubuntu0~16.04.11_amd64.debLinux
Interactive high-level object-oriented language (version 3.8) (USN-4428-1) python3.6_3.6.9-1~18.04ubuntu1.1_i386.debLinux
Interactive high-level object-oriented language (version 3.8) (USN-4428-1) python3.6_3.6.9-1~18.04ubuntu1.1_amd64.debLinux
Interactive high-level object-oriented language (version 3.8) (USN-4428-1) python3.8_3.8.2-1ubuntu1.2_i386.debLinux
Interactive high-level object-oriented language (version 3.8) (USN-4428-1) python3.8_3.8.2-1ubuntu1.2_amd64.debLinux
Interactive high-level object-oriented language (version 3.8) (USN-4428-1) python2.7-minimal_2.7.17-1~18.04ubuntu1.1_i386.debLinux
Interactive high-level object-oriented language (version 3.8) (USN-4428-1) python2.7-minimal_2.7.17-1~18.04ubuntu1.1_amd64.debLinux
Interactive high-level object-oriented language (version 3.8) (USN-4428-1) python2.7-minimal_2.7.12-1ubuntu0~16.04.12_i386.debLinux
Interactive high-level object-oriented language (version 3.8) (USN-4428-1) python2.7-minimal_2.7.12-1ubuntu0~16.04.12_amd64.debLinux
Interactive high-level object-oriented language (version 3.8) (USN-4428-1) python3.5-minimal_3.5.2-2ubuntu0~16.04.11_i386.debLinux
Interactive high-level object-oriented language (version 3.8) (USN-4428-1) python3.5-minimal_3.5.2-2ubuntu0~16.04.11_amd64.debLinux
Interactive high-level object-oriented language (version 3.8) (USN-4428-1) python3.6-minimal_3.6.9-1~18.04ubuntu1.1_i386.debLinux
Interactive high-level object-oriented language (version 3.8) (USN-4428-1) python3.6-minimal_3.6.9-1~18.04ubuntu1.1_amd64.debLinux
Interactive high-level object-oriented language (version 3.8) (USN-4428-1) python3.8-minimal_3.8.2-1ubuntu1.2_i386.debLinux
Interactive high-level object-oriented language (version 3.8) (USN-4428-1) python3.8-minimal_3.8.2-1ubuntu1.2_amd64.debLinux
SUSE-SU-2020:2157-1(SUSE Linux Enterprise Server 12-SP5 ) python-ipaddress-1.0.18-3.13.1.noarch.rpmLinux
SUSE-SU-2020:2216-1(SUSE Linux Enterprise Server 12-SP5 ) libpython3_6m1_0-3.6.10-4.17.1.x86_64.rpmLinux
SUSE-SU-2020:2216-1(SUSE Linux Enterprise Server 12-SP5 ) libpython3_6m1_0-debuginfo-3.6.10-4.17.1.x86_64.rpmLinux
SUSE-SU-2020:2216-1(SUSE Linux Enterprise Server 12-SP5 ) python36-3.6.10-4.17.1.x86_64.rpmLinux
SUSE-SU-2020:2216-1(SUSE Linux Enterprise Server 12-SP5 ) python36-base-3.6.10-4.17.1.x86_64.rpmLinux
SUSE-SU-2020:2216-1(SUSE Linux Enterprise Server 12-SP5 ) python36-base-debuginfo-3.6.10-4.17.1.x86_64.rpmLinux
SUSE-SU-2020:2216-1(SUSE Linux Enterprise Server 12-SP5 ) python36-base-debugsource-3.6.10-4.17.1.x86_64.rpmLinux
SUSE-SU-2020:2216-1(SUSE Linux Enterprise Server 12-SP5 ) python36-debuginfo-3.6.10-4.17.1.x86_64.rpmLinux
SUSE-SU-2020:2216-1(SUSE Linux Enterprise Server 12-SP5 ) python36-debugsource-3.6.10-4.17.1.x86_64.rpmLinux
(RHSA-2020:5010) python3 security update python3-3.6.8-18.el7.i686.rpmLinux
(RHSA-2020:5010) python3 security update python3-3.6.8-18.el7.x86_64.rpmLinux
(RHSA-2020:5010) python3 security update python3-debug-3.6.8-18.el7.i686.rpmLinux
(RHSA-2020:5010) python3 security update python3-debug-3.6.8-18.el7.x86_64.rpmLinux
(RHSA-2020:5010) python3 security update python3-devel-3.6.8-18.el7.i686.rpmLinux
(RHSA-2020:5010) python3 security update python3-devel-3.6.8-18.el7.x86_64.rpmLinux
(RHSA-2020:5010) python3 security update python3-idle-3.6.8-18.el7.i686.rpmLinux
(RHSA-2020:5010) python3 security update python3-idle-3.6.8-18.el7.x86_64.rpmLinux
(RHSA-2020:5010) python3 security update python3-libs-3.6.8-18.el7.i686.rpmLinux
(RHSA-2020:5010) python3 security update python3-libs-3.6.8-18.el7.x86_64.rpmLinux
(RHSA-2020:5010) python3 security update python3-test-3.6.8-18.el7.i686.rpmLinux
(RHSA-2020:5010) python3 security update python3-test-3.6.8-18.el7.x86_64.rpmLinux
(RHSA-2020:5010) python3 security update python3-tkinter-3.6.8-18.el7.i686.rpmLinux
(RHSA-2020:5010) python3 security update python3-tkinter-3.6.8-18.el7.x86_64.rpmLinux
Python3 update (ELSA-2020-5010) python3-3.6.8-18.0.1.el7.x86_64.rpmLinux
Python3-debug update (ELSA-2020-5010) python3-debug-3.6.8-18.0.1.el7.x86_64.rpmLinux
Python3-devel update (ELSA-2020-5010) python3-devel-3.6.8-18.0.1.el7.x86_64.rpmLinux
Python3-idle update (ELSA-2020-5010) python3-idle-3.6.8-18.0.1.el7.x86_64.rpmLinux
Python3-libs update (ELSA-2020-5010) python3-libs-3.6.8-18.0.1.el7.x86_64.rpmLinux
Python3-test update (ELSA-2020-5010) python3-test-3.6.8-18.0.1.el7.x86_64.rpmLinux
Python3-tkinter update (ELSA-2020-5010) python3-tkinter-3.6.8-18.0.1.el7.x86_64.rpmLinux
Python3 update (ELSA-2020-5010) python3-3.6.8-18.0.1.el7.i686.rpmLinux
Python3-debug update (ELSA-2020-5010) python3-debug-3.6.8-18.0.1.el7.i686.rpmLinux
Python3-devel update (ELSA-2020-5010) python3-devel-3.6.8-18.0.1.el7.i686.rpmLinux
Python3-idle update (ELSA-2020-5010) python3-idle-3.6.8-18.0.1.el7.i686.rpmLinux
Python3-libs update (ELSA-2020-5010) python3-libs-3.6.8-18.0.1.el7.i686.rpmLinux
Python3-test update (ELSA-2020-5010) python3-test-3.6.8-18.0.1.el7.i686.rpmLinux
Python3-tkinter update (ELSA-2020-5010) python3-tkinter-3.6.8-18.0.1.el7.i686.rpmLinux
(CESA-2020:5010) python3 security update python3-3.6.8-18.el7.i686.rpmLinux
(CESA-2020:5010) python3 security update python3-3.6.8-18.el7.x86_64.rpmLinux
(CESA-2020:5010) python3 security update python3-debug-3.6.8-18.el7.i686.rpmLinux
(CESA-2020:5010) python3 security update python3-debug-3.6.8-18.el7.x86_64.rpmLinux
(CESA-2020:5010) python3 security update python3-devel-3.6.8-18.el7.i686.rpmLinux
(CESA-2020:5010) python3 security update python3-devel-3.6.8-18.el7.x86_64.rpmLinux
(CESA-2020:5010) python3 security update python3-idle-3.6.8-18.el7.i686.rpmLinux
(CESA-2020:5010) python3 security update python3-idle-3.6.8-18.el7.x86_64.rpmLinux
(CESA-2020:5010) python3 security update python3-libs-3.6.8-18.el7.i686.rpmLinux
(CESA-2020:5010) python3 security update python3-libs-3.6.8-18.el7.x86_64.rpmLinux
(CESA-2020:5010) python3 security update python3-test-3.6.8-18.el7.i686.rpmLinux
(CESA-2020:5010) python3 security update python3-test-3.6.8-18.el7.x86_64.rpmLinux
(CESA-2020:5010) python3 security update python3-tkinter-3.6.8-18.el7.i686.rpmLinux
(CESA-2020:5010) python3 security update python3-tkinter-3.6.8-18.el7.x86_64.rpmLinux
SUSE-SU-2020:3563-1(SUSE Linux Enterprise Server 12-SP5) libpython3_6m1_0-3.6.12-4.22.2.x86_64.rpmLinux
SUSE-SU-2020:3563-1(SUSE Linux Enterprise Server 12-SP5) libpython3_6m1_0-debuginfo-3.6.12-4.22.2.x86_64.rpmLinux
SUSE-SU-2020:3563-1(SUSE Linux Enterprise Server 12-SP5) python36-3.6.12-4.22.2.x86_64.rpmLinux
SUSE-SU-2020:3563-1(SUSE Linux Enterprise Server 12-SP5) python36-base-3.6.12-4.22.2.x86_64.rpmLinux
SUSE-SU-2020:3563-1(SUSE Linux Enterprise Server 12-SP5) python36-base-debuginfo-3.6.12-4.22.2.x86_64.rpmLinux
SUSE-SU-2020:3563-1(SUSE Linux Enterprise Server 12-SP5) python36-debuginfo-3.6.12-4.22.2.x86_64.rpmLinux
SUSE-SU-2020:3563-1(SUSE Linux Enterprise Server 12-SP5) python36-debugsource-3.6.12-4.22.2.x86_64.rpmLinux
python-ipaddress Security Update (ALAS-2023-2174) python-ipaddress-1.0.16-2.amzn2.0.2.noarch.rpmLinux
An interactive high-level object-oriented language (USN-6891-1) python3.10_3.10.12-1~22.04.4_amd64.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.10_3.10.12-1~22.04.4_i386.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.10-minimal_3.10.12-1~22.04.4_amd64.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.10-minimal_3.10.12-1~22.04.4_i386.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.11_3.11.6-3ubuntu0.1_amd64.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.11_3.11.6-3ubuntu0.1_i386.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.11-minimal_3.11.6-3ubuntu0.1_amd64.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.11-minimal_3.11.6-3ubuntu0.1_i386.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.12_3.12.0-1ubuntu0.1_amd64.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.12_3.12.0-1ubuntu0.1_i386.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.12-minimal_3.12.0-1ubuntu0.1_amd64.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.12-minimal_3.12.0-1ubuntu0.1_i386.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.8_3.8.10-0ubuntu1~20.04.10_amd64.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.8_3.8.10-0ubuntu1~20.04.10_i386.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.8-minimal_3.8.10-0ubuntu1~20.04.10_amd64.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.8-minimal_3.8.10-0ubuntu1~20.04.10_i386.debLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-331885Duo Security Authentication Proxy (6.0.2)
PATCH-342393Duo Security Authentication Proxy (6.4.2)
PATCH-338227Duo Security Authentication Proxy (6.4.1)
PATCH-342393Duo Security Authentication Proxy (6.4.2)
PATCH-347413Duo Security Authentication Proxy (6.5.0)
PATCH-347413Duo Security Authentication Proxy (6.5.0)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234