CVE-2021-29921
Description
In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.048
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-29921 are affected in Python 3.9.3 | Windows |
| Vulnerabilities CVE-2020-14422,CVE-2021-29921 are fixed in Duo Security Authentication Proxy (5.7.1) | Windows |
| Vulnerabilities CVE-2022-21712,CVE-2020-14422,CVE-2021-29921 are fixed in Duo Security Authentication Proxy (5.7.0) | Windows |
| Vulnerabilities CVE-2022-0778,CVE-2022-21712,CVE-2020-14422,CVE-2021-29921 are fixed in Duo Security Authentication Proxy (5.6.1) | Windows |
| Vulnerabilities CVE-2022-0778,CVE-2022-21712,CVE-2020-14422,CVE-2021-29921 are fixed in Duo Security Authentication Proxy (5.6.0) | Windows |
| Vulnerabilities CVE-2020-14422,CVE-2021-29921,CVE-2022-24801 are fixed in Duo Security Authentication Proxy (5.7.1) | Windows |
| Vulnerabilities CVE-2022-0778,CVE-2022-21712,CVE-2020-14422,CVE-2021-29921 are fixed in Duo Security Authentication Proxy (5.5.1) | Windows |
| Vulnerabilities CVE-2020-28928,CVE-2021-2341,CVE-2021-2369,CVE-2021-2388,CVE-2021-29921 are affected in Oracle GraalVM Enterprise Edition 20.3.2 | Windows |
| Vulnerabilities CVE-2020-28928,CVE-2021-2341,CVE-2021-2369,CVE-2021-2388,CVE-2021-29921 are affected in Oracle GraalVM Enterprise Edition 21.1.0 | Windows |
| An interactive high-level object-oriented language (USN-4973-1) python3.8_3.8.5-1~20.04.3_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-4973-1) python3.8_3.8.5-1~20.04.3_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-4973-1) python3.8_3.8.6-1ubuntu0.3_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-4973-1) python3.8_3.8.6-1ubuntu0.3_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-4973-1) python3.8-minimal_3.8.5-1~20.04.3_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-4973-1) python3.8-minimal_3.8.5-1~20.04.3_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-4973-1) python3.8-minimal_3.8.6-1ubuntu0.3_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-4973-1) python3.8-minimal_3.8.6-1ubuntu0.3_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-4973-2) python3.8_3.8.10-0ubuntu1~20.04.1_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-4973-2) python3.8_3.8.10-0ubuntu1~20.04.1_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-4973-2) python3.8-minimal_3.8.10-0ubuntu1~20.04.1_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-4973-2) python3.8-minimal_3.8.10-0ubuntu1~20.04.1_amd64.deb | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update PyYAML-debugsource-5.4.1-1.module+el8.5.0+10721+14d8e0d5.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update numpy-debugsource-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python-lxml-debugsource-4.4.1-6.module+el8.5.0+10542+ba057329.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python-psutil-debugsource-5.6.4-4.module+el8.5.0+12031+10ce4870.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-babel-2.7.0-11.module+el8.5.0+11015+9c1c7c42.noarch.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-debug-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-debugsource-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-devel-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-idle-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-jinja2-2.10.3-5.module+el8.5.0+10542+ba057329.noarch.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-lxml-4.4.1-6.module+el8.5.0+10542+ba057329.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-numpy-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-numpy-doc-1.17.3-6.module+el8.5.0+12205+a865257a.noarch.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-numpy-f2py-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-pyyaml-5.4.1-1.module+el8.5.0+10721+14d8e0d5.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-rpm-macros-3.8.8-4.module+el8.5.0+12205+a865257a.noarch.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-test-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-tkinter-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-urllib3-1.25.7-5.module+el8.5.0+11639+ea5b349d.noarch.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-wheel-0.33.6-6.module+el8.5.0+12205+a865257a.noarch.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-wheel-wheel-0.33.6-6.module+el8.5.0+12205+a865257a.noarch.rpm | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.10_3.10.12-1~22.04.4_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.10_3.10.12-1~22.04.4_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.10-minimal_3.10.12-1~22.04.4_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.10-minimal_3.10.12-1~22.04.4_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.11_3.11.6-3ubuntu0.1_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.11_3.11.6-3ubuntu0.1_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.11-minimal_3.11.6-3ubuntu0.1_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.11-minimal_3.11.6-3ubuntu0.1_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.12_3.12.0-1ubuntu0.1_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.12_3.12.0-1ubuntu0.1_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.12-minimal_3.12.0-1ubuntu0.1_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.12-minimal_3.12.0-1ubuntu0.1_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.8_3.8.10-0ubuntu1~20.04.10_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.8_3.8.10-0ubuntu1~20.04.10_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.8-minimal_3.8.10-0ubuntu1~20.04.10_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.8-minimal_3.8.10-0ubuntu1~20.04.10_i386.deb | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-331885 | Duo Security Authentication Proxy (6.0.2) |
| PATCH-342393 | Duo Security Authentication Proxy (6.4.2) |
| PATCH-338227 | Duo Security Authentication Proxy (6.4.1) |
| PATCH-342393 | Duo Security Authentication Proxy (6.4.2) |
| PATCH-347413 | Duo Security Authentication Proxy (6.5.0) |
| PATCH-347413 | Duo Security Authentication Proxy (6.5.0) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234