
CVE-2021-29921

Published: 06/05/2021 Updated: 03/05/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In Python prior to 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. In some situations, this allows malicious users to bypass access control that is based on IP addresses.
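The ambiguity behind this summary, as an added example that is not code from the advisory or from CPython: one constructed address string is read two ways, and a strict parser rejects it instead of guessing. All function names, the sample string and the allowlisted network are assumptions; `decimal_reading` and `octal_reading` are simplified models of the two interpretations.

```python
import ipaddress

SAMPLE = "010.0.0.1"  # constructed input with a leading zero in the first octet

def _octets(text):
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted quad: {text!r}")
    return parts

def _address(values, text):
    if any(v > 255 for v in values):
        raise ValueError(f"octet out of range: {text!r}")
    return ipaddress.IPv4Address(bytes(values))

def decimal_reading(text):
    # Model of the mishandling: leading zeros are dropped, octet read as base 10.
    return _address([int(p, 10) for p in _octets(text)], text)

def octal_reading(text):
    # Model of parsers that treat a leading zero as an octal prefix.
    values = [int(p, 8) if len(p) > 1 and p[0] == "0" else int(p, 10)
              for p in _octets(text)]
    return _address(values, text)

def strict_parse(text):
    # Refuse to guess a base: any octet with a leading zero is an error.
    parts = _octets(text)
    if any(len(p) > 1 and p[0] == "0" for p in parts):
        raise ValueError(f"leading zero in octet: {text!r}")
    return _address([int(p, 10) for p in parts], text)

def allowed(text, network, parser):
    # Allowlist check; input the parser rejects is denied.
    try:
        return parser(text) in ipaddress.ip_network(network)
    except ValueError:
        return False

if __name__ == "__main__":
    for parser in (decimal_reading, octal_reading, strict_parse):
        print(parser.__name__, allowed(SAMPLE, "10.0.0.0/8", parser))
```

When the component that makes the access decision and the component that opens the connection disagree on the reading, the decision applies to a different host than the one contacted; rejecting the string at validation removes the disagreement.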

Vulnerable Product

python python

oracle zfs storage appliance kit 8.8

oracle graalvm 20.3.2

oracle graalvm 21.1.0

oracle communications cloud native core automated test suite 1.8.0

oracle communications cloud native core network slice selection function 1.8.0

oracle communications cloud native core binding support function 1.11.0

Vendor Advisories

Debian Bug report logs - #989195 CVE-2021-29921 Package: python3.9; Maintainer for python3.9 is Matthias Klose <doko@debian.org>; Source for python3.9 is src:python3.9 (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Fri, 28 May 2021 07:45:02 UTC Severity: important Tags: fixed-upstream, ...
The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, when the CRYPTPROTECTMEMORY_SAME_LOGON o ...
No description is available for this CVE ...
A security issue was found in Python before version 3.9.5. The ipaddress module accepted leading zeros in IPv4 addresses, which are ambiguous and interpreted as octal notation by some libraries ...

Github Repositories

This tool is used for backdoor and shellcode generation, information retrieval and POC arrangement for various architecture devices

hackebds: Foreword. In the process of penetration and vulnerability mining of embedded devices, many problems have been encountered. One is that some devices do not have telnetd or ssh services to obtain an interactive shell. Some devices are protected by firewall and cannot be connected to it in the forward direction. Reverse_shell is required, and the other