Moderate severityNVD Advisory· Published Dec 29, 2023· Updated Sep 3, 2024

CVE-2023-50570

Description

An issue in the component IPAddressBitsDivision of IPAddress v5.1.0 leads to an infinite loop. This is disputed because an infinite loop occurs only for cases in which the developer supplies invalid arguments. The product is not intended to always halt for contrived inputs.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A bug in IPAddress v5.1.0's IPAddressBitsDivision can cause an infinite loop when provided with invalid arguments, though the developer disputes this as by-design behavior for contrived inputs.

Vulnerability

Description The IPAddress library version 5.1.0 contains an issue in the IPAddressBitsDivision component that can cause an infinite loop when supplied with invalid arguments [1]. Specifically, passing certain long and integer values to the constructor leads to a non-terminating computation [3].

Exploitation

Conditions An attacker could exploit this by providing crafted input to methods that utilize IPAddressBitsDivision, such as equals() [3]. No authentication is required if the library processes external data. The developer notes that the library is not intended to handle contrived inputs, and the infinite loop occurs only for invalid arguments [4].

Impact

Successful exploitation results in a denial-of-service condition due to the infinite loop, potentially affecting application availability [1].

Mitigation

Users should upgrade to a newer version of the IPAddress library (e.g., 5.6.2) where the issue may be resolved [2]. Alternatively, ensure that only valid arguments are passed to the library.

References

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
com.github.seancfoley:ipaddressMaven	<= 5.4.0	—

Affected products

137

IPAddress/IPAddressdescription
osv-coords136 versions
pkg:apk/chainguard/trino pkg:apk/chainguard/trino-config pkg:apk/chainguard/trino-oci-entrypoint pkg:apk/chainguard/trino-plugin-accumulo pkg:apk/chainguard/trino-plugin-ai-functions pkg:apk/chainguard/trino-plugin-atop pkg:apk/chainguard/trino-plugin-bigquery pkg:apk/chainguard/trino-plugin-blackhole pkg:apk/chainguard/trino-plugin-cassandra pkg:apk/chainguard/trino-plugin-clickhouse pkg:apk/chainguard/trino-plugin-delta-lake pkg:apk/chainguard/trino-plugin-druid pkg:apk/chainguard/trino-plugin-duckdb pkg:apk/chainguard/trino-plugin-elasticsearch pkg:apk/chainguard/trino-plugin-example-http pkg:apk/chainguard/trino-plugin-exasol pkg:apk/chainguard/trino-plugin-exchange-filesystem pkg:apk/chainguard/trino-plugin-exchange-hdfs pkg:apk/chainguard/trino-plugin-faker pkg:apk/chainguard/trino-plugin-functions-python pkg:apk/chainguard/trino-plugin-geospatial pkg:apk/chainguard/trino-plugin-google-sheets pkg:apk/chainguard/trino-plugin-hive pkg:apk/chainguard/trino-plugin-http-event-listener pkg:apk/chainguard/trino-plugin-http-server-event-listener pkg:apk/chainguard/trino-plugin-hudi pkg:apk/chainguard/trino-plugin-iceberg pkg:apk/chainguard/trino-plugin-ignite pkg:apk/chainguard/trino-plugin-jmx pkg:apk/chainguard/trino-plugin-kafka pkg:apk/chainguard/trino-plugin-kafka-event-listener pkg:apk/chainguard/trino-plugin-kinesis pkg:apk/chainguard/trino-plugin-kudu pkg:apk/chainguard/trino-plugin-lakehouse pkg:apk/chainguard/trino-plugin-ldap-group-provider pkg:apk/chainguard/trino-plugin-local-file pkg:apk/chainguard/trino-plugin-loki pkg:apk/chainguard/trino-plugin-mariadb pkg:apk/chainguard/trino-plugin-memory pkg:apk/chainguard/trino-plugin-ml pkg:apk/chainguard/trino-plugin-mongodb pkg:apk/chainguard/trino-plugin-mysql pkg:apk/chainguard/trino-plugin-mysql-event-listener pkg:apk/chainguard/trino-plugin-opa pkg:apk/chainguard/trino-plugin-openlineage pkg:apk/chainguard/trino-plugin-opensearch pkg:apk/chainguard/trino-plugin-oracle pkg:apk/chainguard/trino-plugin-password-authenticators pkg:apk/chainguard/trino-plugin-phoenix5 pkg:apk/chainguard/trino-plugin-pinot pkg:apk/chainguard/trino-plugin-postgresql pkg:apk/chainguard/trino-plugin-prometheus pkg:apk/chainguard/trino-plugin-ranger pkg:apk/chainguard/trino-plugin-raptor-legacy pkg:apk/chainguard/trino-plugin-redis pkg:apk/chainguard/trino-plugin-redshift pkg:apk/chainguard/trino-plugin-resource-group-managers pkg:apk/chainguard/trino-plugin-session-property-managers pkg:apk/chainguard/trino-plugin-singlestore pkg:apk/chainguard/trino-plugin-snowflake pkg:apk/chainguard/trino-plugin-spooling-filesystem pkg:apk/chainguard/trino-plugin-sqlserver pkg:apk/chainguard/trino-plugin-teradata-functions pkg:apk/chainguard/trino-plugin-thrift pkg:apk/chainguard/trino-plugin-tpcds pkg:apk/chainguard/trino-plugin-tpch pkg:apk/chainguard/trino-plugin-vertica pkg:apk/wolfi/trino pkg:apk/wolfi/trino-config pkg:apk/wolfi/trino-oci-entrypoint pkg:apk/wolfi/trino-plugin-accumulo pkg:apk/wolfi/trino-plugin-ai-functions pkg:apk/wolfi/trino-plugin-atop pkg:apk/wolfi/trino-plugin-bigquery pkg:apk/wolfi/trino-plugin-blackhole pkg:apk/wolfi/trino-plugin-cassandra pkg:apk/wolfi/trino-plugin-clickhouse pkg:apk/wolfi/trino-plugin-delta-lake pkg:apk/wolfi/trino-plugin-druid pkg:apk/wolfi/trino-plugin-duckdb pkg:apk/wolfi/trino-plugin-elasticsearch pkg:apk/wolfi/trino-plugin-example-http pkg:apk/wolfi/trino-plugin-exasol pkg:apk/wolfi/trino-plugin-exchange-filesystem pkg:apk/wolfi/trino-plugin-exchange-hdfs pkg:apk/wolfi/trino-plugin-faker pkg:apk/wolfi/trino-plugin-functions-python pkg:apk/wolfi/trino-plugin-geospatial pkg:apk/wolfi/trino-plugin-google-sheets pkg:apk/wolfi/trino-plugin-hive pkg:apk/wolfi/trino-plugin-http-event-listener pkg:apk/wolfi/trino-plugin-http-server-event-listener pkg:apk/wolfi/trino-plugin-hudi pkg:apk/wolfi/trino-plugin-iceberg pkg:apk/wolfi/trino-plugin-ignite pkg:apk/wolfi/trino-plugin-jmx pkg:apk/wolfi/trino-plugin-kafka pkg:apk/wolfi/trino-plugin-kafka-event-listener pkg:apk/wolfi/trino-plugin-kinesis pkg:apk/wolfi/trino-plugin-kudu pkg:apk/wolfi/trino-plugin-lakehouse pkg:apk/wolfi/trino-plugin-ldap-group-provider pkg:apk/wolfi/trino-plugin-local-file pkg:apk/wolfi/trino-plugin-loki pkg:apk/wolfi/trino-plugin-mariadb pkg:apk/wolfi/trino-plugin-memory pkg:apk/wolfi/trino-plugin-ml pkg:apk/wolfi/trino-plugin-mongodb pkg:apk/wolfi/trino-plugin-mysql pkg:apk/wolfi/trino-plugin-mysql-event-listener pkg:apk/wolfi/trino-plugin-opa pkg:apk/wolfi/trino-plugin-openlineage pkg:apk/wolfi/trino-plugin-opensearch pkg:apk/wolfi/trino-plugin-oracle pkg:apk/wolfi/trino-plugin-password-authenticators pkg:apk/wolfi/trino-plugin-phoenix5 pkg:apk/wolfi/trino-plugin-pinot pkg:apk/wolfi/trino-plugin-postgresql pkg:apk/wolfi/trino-plugin-prometheus pkg:apk/wolfi/trino-plugin-ranger pkg:apk/wolfi/trino-plugin-raptor-legacy pkg:apk/wolfi/trino-plugin-redis pkg:apk/wolfi/trino-plugin-redshift pkg:apk/wolfi/trino-plugin-resource-group-managers pkg:apk/wolfi/trino-plugin-session-property-managers pkg:apk/wolfi/trino-plugin-singlestore pkg:apk/wolfi/trino-plugin-snowflake pkg:apk/wolfi/trino-plugin-spooling-filesystem pkg:apk/wolfi/trino-plugin-sqlserver pkg:apk/wolfi/trino-plugin-teradata-functions pkg:apk/wolfi/trino-plugin-thrift pkg:apk/wolfi/trino-plugin-tpcds pkg:apk/wolfi/trino-plugin-tpch pkg:apk/wolfi/trino-plugin-vertica pkg:maven/com.github.seancfoley/ipaddress pkg:rpm/opensuse/IPAddress&distro=openSUSE%20Tumbleweed
< 472-r0+ 135 more
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: <= 5.4.0
- (no CPE)range: < 5.5.1-1.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-qphf-w3cq-jpmxghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2023-50570ghsaADVISORY
github.com/github/advisory-database/pull/3279ghsaWEB
github.com/seancfoley/IPAddress/issues/118ghsaWEB
github.com/seancfoley/IPAddress/issues/118ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000