Published: 06/05/2021 Updated: 14/05/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Improper input validation of octal strings in Python stdlib ipaddress 3.10 and below allows unauthenticated remote malicious users to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on Python stdlib ipaddress. IP address octets are left-stripped instead of being evaluated as valid IP addresses.

Vendor Advisories

No description is available for this CVE ...
A security issue was found in Python before version 3.9.5. The ipaddress module accepted leading zeros in IPv4 addresses, which are ambiguous and interpreted as octal notation by some libraries ...
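The ambiguity described in the summary and in the advisory above, as an added example that is not code from the page or from CPython: it reads one string both ways (leading zeros stripped, and leading-zero octets as octal) and shows a strict validator that rejects such input. All function names are hypothetical and the sample addresses are constructed.

```python
import ipaddress

# Constructed sample inputs for illustration; none come from the page.
SAMPLES = ["192.168.1.1", "010.8.8.8", "0177.0.0.1", "08.1.1.1"]

def _split(text):
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not four dot-separated digit groups: {text!r}")
    return parts

def _build(values):
    # None marks an octet the parser could not read; >255 is out of range.
    if any(v is None or v > 255 for v in values):
        return None
    return ipaddress.IPv4Address(bytes(values))

def as_stripped(text):
    """Leading zeros dropped, octets read as decimal (the behaviour in the summary)."""
    return _build([int(p, 10) for p in _split(text)])

def as_octal_aware(text):
    """Leading-zero octets read as octal, as some libraries do per the advisory."""
    def octet(p):
        if len(p) > 1 and p[0] == "0":
            try:
                return int(p, 8)
            except ValueError:  # "08" has a digit that is not valid octal
                return None
        return int(p, 10)
    return _build([octet(p) for p in _split(text)])

def validate_ipv4(text):
    """Strict parse: refuse any leading-zero octet rather than pick a reading."""
    parts = _split(text)
    if any(len(p) > 1 and p[0] == "0" for p in parts):
        raise ValueError(f"ambiguous leading zero in {text!r}")
    addr = _build([int(p, 10) for p in parts])
    if addr is None:
        raise ValueError(f"octet out of range in {text!r}")
    return addr

def audit(text):
    """Compare both readings; flag when they land on different sides of is_global."""
    a, b = as_stripped(text), as_octal_aware(text)
    differs = a is not None and b is not None and a.is_global != b.is_global
    return {"stripped": None if a is None else str(a),
            "octal_aware": None if b is None else str(b),
            "disagree": a != b, "classification_differs": differs}

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, audit(s))
```

Running `audit` over stored allow-list or block-list entries shows which ones two components could resolve differently; `validate_ipv4` is the check to apply at the input boundary.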

Recent Articles

Python also impacted by critical IP address validation vulnerability
BleepingComputer • Ax Sharma • 01 May 2021

The Python standard library also suffers from the critical IP address validation vulnerability identical to the flaw that was reported in the "netmask" library earlier this year.
The researchers who had discovered the critical flaw in , also discovered the same flaw in this Python module and have procured a vulnerability identifier: 
The regression bug crept into Python 3.x's module as a result of a change made in 2019 by Python maintainers.
In March, ...