{"id":"BIT-libpython-2021-29921","details":"In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.","aliases":["BIT-python-2021-29921","BIT-python-min-2021-29921","CVE-2021-29921","PSF-2021-2"],"modified":"2025-11-06T13:25:46.476Z","published":"2025-08-11T13:51:46.493Z","database_specific":{"cpes":["cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"],"severity":"Critical"},"references":[{"type":"WEB","url":"https://bugs.python.org/issue36384"},{"type":"WEB","url":"https://docs.python.org/3/library/ipaddress.html"},{"type":"WEB","url":"https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst"},{"type":"WEB","url":"https://github.com/python/cpython/pull/12577"},{"type":"WEB","url":"https://github.com/python/cpython/pull/25099"},{"type":"WEB","url":"https://github.com/sickcodes"},{"type":"WEB","url":"https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29921"},{"type":"WEB","url":"https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202305-02"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20210622-0003/"},{"type":"WEB","url":"https://sick.codes/sick-2021-014"},{"type":"WEB","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"}],"affected":[{"package":{"name":"libpython","ecosystem":"Bitnami","purl":"pkg:bitnami/libpython"},"ranges":[{"type":"SEMVER","events":[{"introduced":"3.8.0"},{"fixed":"3.8.12"},{"introduced":"3.9.0"},{"fixed":"3.9.5"}]}],"database_specific":{"source":"https://github.com/bitnami/vulndb/tree/main/data/libpython/BIT-libpython-2021-29921.json"},"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}],"schema_version":"1.7.3"}