VDB
DEBIAN-CVE-2021-29921
DEBIAN-CVE-2021-29921
PUBLISHED
CVSS 9.800000190734863 CRITICAL
In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | python3.9 | 3.9.2-1, 3.9.2-1+deb11u1, 3.9.2-1 |
| Debian:13 | pypy3 | 0, 0, 0 |
| Debian:14 | pypy3 | 0, 0, 0 |
| Debian:12 | pypy3 | 0, 0, 0 |
Timeline
- May 6, 2021 CVE Published
- Apr 28, 2026 CVE Updated