ALPINE-CVE-2020-14422
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 18 Jun 2020, 14:15
Last modified:03 Dec 2025, 22:46
Vulnerability Summary
Overall Risk (default)
low
24/100 CVSS Score
5.9 MEDIUM
3.1 (osv_alpine)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
18 Jun 2020, 14:15
Published
Vulnerability first disclosed
03 Dec 2025, 22:46
Last Modified
Vulnerability information updated
Description
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.9CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Systems
- alpine•python3
< 3.7.7-r1 | < 3.8.2-r1 | < 3.8.4-r0 | < 3.8.4-r0 | < 3.8.4-r0 | < 3.8.4-r0 | < 3.8.4-r0 | < 3.8.4-r0 | < 3.8.4-r0 | < 3.8.4-r0 | < 3.8.4-r0 | < 3.8.4-r0 | < 3.8.4-r0 | < 3.8.4-r0 | < 3.6.9-r3