CPANSA-Net-CIDR-Lite-2021-47154: Net-CIDR-Lite vulnerability

Publisher	giterlizzi	Document category	csaf_security_advisory
Initial release date	2024-03-18T00:00:00	Engine	CSAF Perl Toolkit 0.25
Current release date	2024-03-18T00:00:00	Build Date
Current version	1	Status	final
CVSS v3.1 Base Score	6.3	Severity
Original language		Language	en
Also referred to

Vulnerability Description

The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

Vulnerabilities

CVE-2021-47154

Vulnerability Description

Product status

Known affected

Product

Score

Net-CIDR-Lite less than 0.22

CVSS Version	CVSS Vector	CVSS Base Score	CVSS Base Severity
3.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L	6.3	Medium

Fixed

Net-CIDR-Lite greater than or equal 0.22

giterlizzi

Namespace: https://github.com/giterlizzi/

gdt@cpan.org

References

CPANSA-Net-CIDR-Lite-2021-47154 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2024/cpansa-net-cidr-lite-2021-47154.json
https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ external
https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/
https://github.com/stigtsp/Net-CIDR-Lite/commit/23b6ff0590dc279521863a502e890ef19a5a76fc external
https://github.com/stigtsp/Net-CIDR-Lite/commit/23b6ff0590dc279521863a502e890ef19a5a76fc
https://metacpan.org/dist/Net-CIDR-Lite/changes external
https://metacpan.org/dist/Net-CIDR-Lite/changes
https://metacpan.org/pod/Net::CIDR::Lite external
https://metacpan.org/pod/Net::CIDR::Lite
CVE-2021-47154 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2021-47154

Revision history

Version	Date of the revision	Summary of the revision
1	Mon Mar 18 00:00:00 2024	First release

Sharing rules

TLP:WHITE
For the TLP version see: https://www.first.org/tlp/