Lucene search
IBME437CE503208373777E43450B168FBC3F47811675CA792BE0D00E04433982026HistorySep 27, 2020 - 7:48 p.m.
Security Bulletin: IBM Cloud Private is vulnerable to a Python vulnerability (CVE-2020-14422)
2020-09-2719:48:09
www.ibm.com
11
0.01 Low
EPSS
Percentile
83.8%
Summary
IBM Cloud Private is vulnerable to a Python vulnerability
Vulnerability Details
CVEID:CVE-2020-14422
**DESCRIPTION:**Python is vulnerable to a denial of service, caused by improper computing hash values in the IPv4Interface and IPv6Interface classes in Lib/ipaddress.py. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/184320 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Cloud Private | 3.2.1 CD |
| IBM Cloud Private | 3.2.2 CD |
Remediation/Fixes
Product defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages
- IBM Cloud Private 3.2.1
- IBM Cloud Private 3.2.2
For IBM Cloud Private 3.2.1, apply Aug fix pack:
For IBM Cloud Private 3.2.2, apply Aug fix pack:
For IBM Cloud Private 3.1.0, 3.1.1, 3.1.2, 3.2.0:
- Upgrade to the latest Continuous Delivery (CD) update package, IBM Cloud Private 3.2.2.2008.
- If required, individual product fixes can be made available between CD update packages for resolution of problems. Contact IBM support for assistance
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm cloud private | eq | 3.2.1 | |
| ibm cloud private | eq | 3.2.2 |
Related
suse
suse
Security update for python3 (important)
2020-07-05 00:00:00
Security update for python3 (important)
2020-07-07 00:00:00
Security update for python-ipaddress (important)
2020-07-19 00:00:00
nessus
nessus
Photon OS 3.0: Python3 PHSA-2020-3.0-0111
2020-07-15 00:00:00
Fedora 32 : python39 (2020-705c6ea5be)
2020-07-17 00:00:00
EulerOS 2.0 SP9 : python-ipaddress (EulerOS-SA-2020-2420)
2020-11-03 00:00:00
openvas
openvas
openSUSE: Security Advisory for python3 (openSUSE-SU-2020:0940-1)
2020-07-08 00:00:00
openSUSE: Security Advisory for python-ipaddress (openSUSE-SU-2020:0989-1)
2020-07-19 00:00:00
osv
osv
[CVE-2020-14422] Hash collisions in IPv4Interface and IPv6Interface
2020-06-18 00:00:00
BIT-python-2020-14422
2024-03-06 11:08:07
CVE-2020-14422
2020-06-18 14:15:11
ibm
ibm
fedora
fedora
[SECURITY] Fedora 32 Update: python39-3.9.0~b4-1.fc32
2020-07-17 00:49:35
[SECURITY] Fedora 31 Update: python39-3.9.0~b4-1.fc31
2020-07-17 01:05:23
[SECURITY] Fedora 32 Update: python3-docs-3.8.5-1.fc32
2020-07-30 18:57:25
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2020-2.0-0258
2020-07-02 00:00:00
Moderate Photon OS Security Update - PHSA-2020-0111
2020-07-09 00:00:00
Moderate Photon OS Security Update - PHSA-2020-0258
2020-07-02 00:00:00
amazon
amazon
Medium: python-pip
2023-07-17 17:40:00
Medium: python-ipaddress
2023-07-20 17:30:00
Medium: python3
2020-09-01 00:40:00
prion
prion
Design/Logic Flaw
2020-06-18 14:15:00
cbl_mariner
cbl_mariner
CVE-2020-14422 affecting package python3 3.7.9-2
2021-07-08 21:56:42
cvelist
cvelist
CVE-2020-14422
2020-06-18 00:00:00
debian
debian
[SECURITY] [DLA 3424-1] python-ipaddress security update
2023-05-15 23:30:52
[SECURITY] [DLA 2280-1] python3.5 security update
2020-07-15 10:00:36
cve
cve
CVE-2020-14422
2020-06-18 14:15:11
alpinelinux
alpinelinux
CVE-2020-14422
2020-06-18 14:15:11
nvd
nvd
CVE-2020-14422
2020-06-18 14:15:11
mageia
mageia
Updated python-ipaddress package fixes security vulnerability
2020-08-25 11:13:25
Updated python and python3 packages fix security vulnerabilities
2020-12-08 13:40:32
ubuntucve
ubuntucve
CVE-2020-14422
2020-06-18 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-08-06 21:39:59
debiancve
debiancve
CVE-2020-14422
2020-06-18 14:15:11
redhatcve
redhatcve
CVE-2020-14422
2020-07-08 13:26:20
gentoo
gentoo
Python: Multiple vulnerabilities
2020-08-02 00:00:00
redhat
redhat
(RHSA-2020:5010) Moderate: python3 security update
2020-11-10 09:39:04
(RHSA-2020:4433) Moderate: python3 security and bug fix update
2020-11-03 12:04:08
freebsd
freebsd
Python -- multiple vulnerabilities
2020-06-17 00:00:00
Python -- multiple vulnerabilities
2020-08-19 00:00:00
oraclelinux
oraclelinux
python3 security update
2020-11-13 00:00:00
python3 security and bug fix update
2020-11-10 00:00:00
python38:3.8 security, bug fix, and enhancement update
2020-11-10 00:00:00
centos
centos
python3 security update
2020-11-18 17:23:37
rosalinux
rosalinux
Advisory ROSA-SA-2023-2202
2023-07-25 10:31:09
almalinux
almalinux
Moderate: python3 security and bug fix update
2020-11-03 12:04:08
Moderate: python38:3.8 security, bug fix, and enhancement update
2020-11-03 12:23:02
cloudfoundry
cloudfoundry
USN-4428-1: Python vulnerabilities | Cloud Foundry
2020-08-27 00:00:00
ubuntu
ubuntu
Python vulnerabilities
2020-07-22 00:00:00
rocky
rocky
python38:3.8 security, bug fix, and enhancement update
2020-11-03 12:23:02
0.01 Low
EPSS
Percentile
83.8%
Related for E437CE503208373777E43450B168FBC3F47811675CA792BE0D00E04433982026