CVE-2021-42343 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2021-42343 Interim 1 7 2025-02-17T00:25:59Z current 2021-10-28T01:34:11Z 2025-02-17T00:25:59Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2021-42343 An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults to using LocalCluster) would mistakenly configure their respective Dask workers to listen on external interfaces (typically with a randomly selected high port) rather than only on localhost. A Dask cluster created using this method (when running on a machine that has an applicable port exposed) could be used by a sophisticated attacker to achieve remote code execution. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed python310-distributed-2024.4.2-1.1 python311-distributed-2024.4.2-1.1 python312-distributed-2024.4.2-1.1 python38-distributed-2022.1.0-1.1 python39-distributed-2022.1.0-1.1 python310-distributed-2024.4.2-1.1 as a component of openSUSE Tumbleweed python311-distributed-2024.4.2-1.1 as a component of openSUSE Tumbleweed python312-distributed-2024.4.2-1.1 as a component of openSUSE Tumbleweed python38-distributed-2022.1.0-1.1 as a component of openSUSE Tumbleweed python39-distributed-2022.1.0-1.1 as a component of openSUSE Tumbleweed An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults to using LocalCluster) would mistakenly configure their respective Dask workers to listen on external interfaces (typically with a randomly selected high port) rather than only on localhost. A Dask cluster created using this method (when running on a machine that has an applicable port exposed) could be used by a sophisticated attacker to achieve remote code execution. CVE-2021-42343 openSUSE Tumbleweed:python310-distributed-2024.4.2-1.1 openSUSE Tumbleweed:python311-distributed-2024.4.2-1.1 openSUSE Tumbleweed:python312-distributed-2024.4.2-1.1 openSUSE Tumbleweed:python38-distributed-2022.1.0-1.1 openSUSE Tumbleweed:python39-distributed-2022.1.0-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H