-------- Forwarded Message -------- Subject: [Security-announce][CVE-2024-4032] Incorrect IPv4 and IPv6 private ranges Date: Mon, 17 Jun 2024 09:01:18 -0500 From: Seth Larson <s...@python.org> Reply-To: security-...@python.org To: security-annou...@python.org The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the 'is_private' and 'is_global' properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries. CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior. Severity: Medium References * https://github.com/python/cpython/issues/113171 * https://github.com/python/cpython/pull/113179 * https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml * https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
_______________________________________________ Security-announce mailing list -- security-annou...@python.org To unsubscribe send an email to security-announce-le...@python.org https://mail.python.org/mailman3/lists/security-announce.python.org/ Member address: alan.coopersm...@oracle.com
