VDB
ALPINE-CVE-2020-14422
ALPINE-CVE-2020-14422
PUBLISHED
CVSS 5.900000095367432 MEDIUM
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.
Risk Scores
CVSS v3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.20 | python3 | 3.8.3-r0, 3.8.2-r7, 3.8.2-r6 |
| Alpine:v3.11 | python3 | 3.4.3-r1, 3.6.1-r1, 0 |
| Alpine:v3.21 | python3 | 3.1.3-r0, 3.8.3-r0, 3.8.2-r7 |
| Alpine:v3.23 | python3 | 3.8.1-r1, 3.8.3-r0, 3.8.2-r7 |
| Alpine:v3.16 | python3 | 3.1.3-r0, 3.8.3-r0, 3.8.2-r7 |
| Alpine:v3.14 | python3 | 3.5.2-r5, 3.8.3-r0, 3.8.2-r7 |
| Alpine:v3.15 | python3 | 0, 3.1.3-r0, 3.2.0-r0 |
| Alpine:v3.18 | python3 | 0, 3.8.3-r0, 3.8.2-r7 |
| Alpine:v3.12 | python3 | 3.8.3-r0, 3.5.2-r7, 0 |
| Alpine:v3.17 | python3 | 3.5.2-r6, 3.5.2-r7, 3.5.2-r8 |
| Alpine:v3.13 | python3 | 3.7.4-r0, 3.7.3-r1, 3.7.3-r0 |
| Alpine:v3.10 | python3 | 3.6.3-r5, 3.6.3-r7, 3.6.3-r8 |
| Alpine:v3.19 | python3 | 3.7.2-r0, 3.6.8-r2, 3.6.8-r1 |
| Alpine:v3.9 | python3 | 3.5.1-r2, 3.1.3-r0, 3.6.9-r2 |
| Alpine:v3.22 | python3 | 0, 3.5.0-r0, 3.1.3-r0 |
Timeline
- Jun 18, 2020 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch