Homepage
About Snyk

Cryptographic Issues Affecting ipaddress package, versions [0,]

Severity

 Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    EPSS
    1.42% (87th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PYTHON-IPADDRESS-590065
  • published 9 Aug 2020
  • disclosed 23 Jul 2020
  • credit markmcclain
Report a new vulnerability Found a mistake?

Introduced: 23 Jul 2020

CVE-2020-14422 Open this link in a new tab
CWE-310 Open this link in a new tab

How to fix?

There is no fixed version for ipaddress.

Overview

ipaddress is an IPv4/IPv6 manipulation library

Affected versions of this package are vulnerable to Cryptographic Issues. The hash() methods of classes IPv4Interface and IPv6Interface had issue of generating constant hash values of 32 and 128 respectively causing hash collisions. The fix uses the hash() function to generate hash values for the objects instead of XOR operation.

References

CVSS Scores

version 3.1
Expand this section

Snyk

Recommended
5.9 medium
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    High
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    None
  • Integrity (I)
    None
  • Availability (A)
    High
Expand this section

NVD

5.9 medium
Expand this section

SUSE

7.5 high
Expand this section

Red Hat

5.9 medium