Karthikeyan Singaravelan <tir.kar...@gmail.com> added the comment:

https://nvd.nist.gov/vuln/detail/CVE-2020-14422

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the 
IPv4Interface and IPv6Interface classes, which might allow a remote attacker to 
cause a denial of service if an application is affected by the performance of a 
dictionary containing IPv4Interface or IPv6Interface objects, and this attacker 
can cause many dictionary entries to be created. This is fixed in: v3.5.10, 
v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; 
v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.

This CVE is listed as fixed in 3.9.0RC2, though you have added 3.9.2 and also 
mentioned ensurepip, which doesn't seem to be relevant. Can you please add more 
detail on how we can reproduce the vulnerability in the latest master or latest 
stable 3.9 release, and how this is related to ensurepip?

----------
nosy: +xtreak

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue46918>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
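Added example, not part of the tracker comment or of CPython's own code: a local check of the hash behaviour the CVE text describes, counting how many distinct hash values a batch of distinct IPv4Interface objects produces on the running interpreter. The `legacy_hash` formula is the pre-fix XOR computation as recalled here (an assumption, it is not quoted on this page); all helper names are hypothetical and the sample addresses are constructed.

```python
import ipaddress


def legacy_hash(iface):
    # Assumed pre-fix formula (not quoted on this page): XOR of the address,
    # the prefix length and the network address. For a /32 the address and
    # network address cancel out, leaving only the prefix length.
    return (int(iface.ip)
            ^ iface.network.prefixlen
            ^ int(iface.network.network_address))


def sample_interfaces(count, prefixlen=32, base="10.0.0.0"):
    # Constructed sample data: `count` consecutive addresses starting at `base`.
    start = int(ipaddress.IPv4Address(base))
    return [
        ipaddress.IPv4Interface(f"{ipaddress.IPv4Address(start + i)}/{prefixlen}")
        for i in range(count)
    ]


def distinct_hashes(ifaces, hash_fn=hash):
    # Number of different hash values produced for the given objects.
    return len({hash_fn(iface) for iface in ifaces})


def interpreter_looks_patched(count=2000):
    # Distinct objects should give (almost) as many distinct hashes as objects.
    # A collapse to a handful of values means dict and set operations on these
    # objects degrade towards linear scans.
    return distinct_hashes(sample_interfaces(count)) > count // 2


if __name__ == "__main__":
    n = 2000
    print("running interpreter, /32:", distinct_hashes(sample_interfaces(n)), "of", n)
    print("assumed legacy formula, /32:",
          distinct_hashes(sample_interfaces(n), legacy_hash), "of", n)
    print("assumed legacy formula, /24:",
          distinct_hashes(sample_interfaces(n, 24), legacy_hash), "of", n)
    print("patched:", interpreter_looks_patched(n))
```

Running this on the interpreter an application actually ships with answers the reproduction question directly: a patched build reports close to 2000 distinct values for the first line.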