<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>Dear all,</p>
    <p>you may have heard about a parsing bug/vulnerability in Python's
      ipaddress module. Only Python versions >= 3.8 are affected. The
      bug affects the handling of addresses in octal notation.</p>
    <p>The sources below have more details on the error, but in
      principle it means that the leading zeros of IP addresses in octal
      notation are stripped and the rest is parsed as decimal. The correct
      behavior would have been that the numbers starting with zeros are
      parsed as octal. You can also see the (erroneous) changes in the
      documentation:
      <a class="moz-txt-link-freetext" href="https://docs.python.org/3/library/ipaddress.html#ipaddress.IPv4Address">https://docs.python.org/3/library/ipaddress.html#ipaddress.IPv4Address</a>
      ("<span class="versionmodified changed">Changed in version 3.8"
        and "Changed in version 3.10"). There is no fix yet for this bug,
        but you should receive it soon from your distribution.<br>
      </span></p>
    <p><span class="versionmodified changed">As an IntelMQ user, you
        need to trust your input sources anyway, or check the validity
        of the collected data. If any feed gives you IP addresses with
        leading zeros, the outcome may be unexpected.<br>
      </span></p>
    <p>Further sources:<br>
    </p>
    <p><a class="moz-txt-link-freetext" href="https://www.bleepingcomputer.com/news/security/python-also-impacted-by-critical-ip-address-validation-vulnerability/">https://www.bleepingcomputer.com/news/security/python-also-impacted-by-critical-ip-address-validation-vulnerability/</a><br>
      <a class="moz-txt-link-freetext" href="https://sick.codes/sick-2021-014/">https://sick.codes/sick-2021-014/</a></p>
    <p>best regards<br>
      Sebastian<br>
    </p>
    <pre class="moz-signature" cols="72">-- 
// Sebastian Wagner <a class="moz-txt-link-rfc2396E" href="mailto:wagner@cert.at">&lt;wagner@cert.at&gt;</a> - T: +43 676 898 298 7201
// CERT Austria - <a class="moz-txt-link-freetext" href="https://www.cert.at/">https://www.cert.at/</a>
// An initiative of nic.at GmbH - <a class="moz-txt-link-freetext" href="https://www.nic.at/">https://www.nic.at/</a>
// Company register number 172568b, LG Salzburg</pre>
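    <p>One way to check collected data for the leading-zero case described in the message above, as an added example that is not part of the original e-mail or of IntelMQ. The function names and the sample values are hypothetical; the code does not call the ipaddress module, so its result does not depend on the installed Python version.</p>

```python
import re

# Four dot-separated runs of ASCII digits; hex and short forms are out of scope.
_QUAD = re.compile(r"([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)")


def _read(octets, base):
    """Render the octets as a dotted quad, or None if one is unparsable or > 255."""
    values = []
    for octet in octets:
        # Only zero-prefixed octets are read in `base`; the rest stay decimal.
        use_base = base if len(octet) > 1 and octet[0] == "0" else 10
        try:
            value = int(octet, use_base)
        except ValueError:  # e.g. "08" is not a valid octal number
            return None
        if value > 255:
            return None
        values.append(str(value))
    return ".".join(values)


def classify_ipv4(text):
    """Return (status, stripped_reading, octal_reading) for one feed value."""
    match = _QUAD.fullmatch(text.strip())
    if match is None:
        return ("invalid", None, None)
    octets = match.groups()
    stripped = _read(octets, 10)  # leading zeros dropped, rest read as decimal
    if not any(len(o) > 1 and o[0] == "0" for o in octets):
        return ("ok" if stripped else "invalid", stripped, stripped)
    return ("ambiguous", stripped, _read(octets, 8))  # octal-aware reading


def split_feed(values):
    """Separate unambiguous addresses from everything that needs review."""
    accepted, quarantined = [], []
    for value in values:
        status, reading, _ = classify_ipv4(value)
        if status == "ok":
            accepted.append(reading)
        else:
            quarantined.append(value)  # keep the raw string for the analyst
    return accepted, quarantined


# Constructed sample feed values, not taken from any real feed.
SAMPLE = ["192.168.0.1", "010.8.8.8", "0127.0.0.1", "08.1.1.1", "300.1.1.1"]
```

    <p>For an ambiguous value the two readings show how far apart a zero-stripping parser and an octal-aware parser end up, which is why such entries are quarantined rather than normalised.</p>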
  </body>
</html>