
Author xtreak
Recipients xtreak, zjmxq
Date 2022-03-04.10:04:51
Message-id <1646388292.09.0.0049061076781.issue46918@roundup.psfhosted.org>
Content
https://nvd.nist.gov/vuln/detail/CVE-2020-14422

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.

This CVE is listed as fixed in 3.9.0RC2, though you have added 3.9.2 and also mentioned ensurepip, which doesn't seem to be relevant. Can you please add more detail on how we can reproduce the vulnerability in the latest master or the latest stable 3.9 release, and how this is related to ensurepip?
History
Date User Action Args
2022-03-04 10:04:52 xtreak set recipients: + xtreak, zjmxq
2022-03-04 10:04:52 xtreak set messageid: <1646388292.09.0.0049061076781.issue46918@roundup.psfhosted.org>
2022-03-04 10:04:52 xtreak link issue46918 messages
2022-03-04 10:04:51 xtreak create
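
One way to check whether a given interpreter still has the CVE-2020-14422 hashing behaviour, as an added example that is not part of the message above or of CPython. It assumes the pre-fix `__hash__` XORed the address, prefix length and network address, which `legacy_hash` re-creates here; the function names and sample addresses are constructed for illustration.

```python
import ipaddress


def sample_interfaces(n=1000):
    """Constructed sample: same prefix length and host bits, different networks."""
    return [
        ipaddress.IPv4Interface(f"{10 + i // 256}.{i % 256}.0.1/16")
        for i in range(n)
    ]


def legacy_hash(iface):
    """Re-creation (assumption) of the pre-fix hash: XOR of three integers.

    The address XOR its own network address leaves only the host bits, so
    interfaces on different networks collapse onto the same small value.
    """
    return (
        int(iface.ip)
        ^ iface.network.prefixlen
        ^ int(iface.network.network_address)
    )


def distinct(hashes):
    """Number of different hash values in an iterable."""
    return len(set(hashes))


def runtime_is_patched(n=1000):
    """True when the running interpreter spreads the sample over many hashes."""
    ifaces = sample_interfaces(n)
    return distinct(hash(i) for i in ifaces) > n // 2


if __name__ == "__main__":
    ifaces = sample_interfaces()
    print("interfaces in sample:      ", len(ifaces))
    print("distinct legacy hashes:    ", distinct(legacy_hash(i) for i in ifaces))
    print("distinct hashes at runtime:", distinct(hash(i) for i in ifaces))
    print("runtime looks patched:     ", runtime_is_patched())
```

On a release that carries the fix, the runtime count should be close to the sample size, while the legacy expression maps the whole sample to one value.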