Wind River Support Network

HomeDefectsLIN1021-37
Fixed

LIN1021-37 : Security Advisory - python - CVE-2021-29921

Created: May 17, 2021    Updated: Aug 25, 2021
Resolved Date: May 18, 2021
Found In Version: 10.21.20.1
Fix Version: 10.21.20.1
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

Improper input validation of octal strings in Python stdlib ipaddress 3.10 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on Python stdlib ipaddress. IP address octects are left stripped instead of evaluated as valid IP addresses.

CREATE(Triage):(User=admin) [CVE-2021-29921|https://nvd.nist.gov/vuln/detail/CVE-2021-29921]

CVEs


Live chat
Online