CVE-2024-4032: 
Rocky Linux vulnerability analysis and mitigation

CVE-2024-4032 affects the Python 'ipaddress' module, which contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as 'globally reachable' or 'private'. This vulnerability impacts the isprivate and isglobal properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values weren't returned in accordance with the latest information from the IANA Special-Purpose Address Registries (Python Security).

The vulnerability stems from incorrect implementation of the privatenetworks variables used by various is_private implementations. The issue involves missing ranges and overly strict ranges where there are more specific ranges considered globally reachable by the IANA registries. The vulnerability has been assigned a CVSS score of 7.5 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (NetApp Advisory).

The vulnerability could lead to incorrect identification of IP addresses as private or globally reachable, potentially causing security misconfigurations in network applications that rely on these determinations. This could result in disclosure of sensitive information by incorrectly classifying private addresses as public or vice versa (NetApp Advisory).

The vulnerability has been fixed in CPython versions 3.12.4 and 3.13.0a6, which contain updated information from the IANA Special-Purpose Address Registries. Users should upgrade to these or later versions to receive the fix (Python Security).