Vulnerability Identifier

CVE-2024-4032

2024-06-17

Severity Assessment

7.5

HIGH

CVSS v3.x Score

Clinical Analysis (Description)

The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.

CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.

Vector Sequencing

Attack Parameters

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Impact Consequences

Technical Impact

Unchanged

Scope

High

Confidentiality

None

Integrity

None

Availability

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weakness Classification

CWE-CWE-697

View CWE Details ↗

Timeline

Time Line

PUBLICATION

17 Jun 2024

MODIFICATION

03 Nov 2025

FIRST PATCH

22 Oct 2025

Impact Statistics

Key Metrics

CVSS Score

7.5

HIGH

Patches

Available

Remediation Protocol

Immediate Action Plan

1. Inventory

Identify all affected systems in your infrastructure.

2. Assessment

Assess exposure and criticality for your organization.

3. Mitigation

Apply patches or available workarounds.

4. Verification

Test and confirm effectiveness of applied measures.

Sources & Bibliography

NIST NVD MITRE CVE External Reference ↗ External Reference ↗ External Reference ↗ External Reference ↗ External Reference ↗

CVE Vulnerabilities

Posts & Pages

CVE-2024-4032

Attack Parameters

Technical Impact

CWE-CWE-697

Time Line

Key Metrics

Recommended Solution

Immediate Action Plan

1. Inventory

2. Assessment

3. Mitigation

4. Verification