CPANSA-Net-IPV4Addr-2021-47155: Net-IPv4Addr vulnerability
Publisher | giterlizzi | Document category | csaf_security_advisory |
---|---|---|---|
Initial release date | 2024-03-18T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
Current release date | 2024-03-18T00:00:00 | Build Date | |
Current version | 1 | Status | final |
CVSS v3.1 Base Score | 9.1 | Severity | |
Original language | Language | en | |
Also referred to |
Vulnerability Description
The Net::IPAddress::Util module before 5.000 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
Vulnerabilities
CVE-2021-47155
Vulnerability DescriptionThe Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
Weakness | CWE-284 : Improper Access Control |
---|
Product status
Known affected
Product | Score | ||||||||
---|---|---|---|---|---|---|---|---|---|
Net-IPv4Addr greater than or equal 0.10 |
|
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-Net-IPV4Addr-2021-47155 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2024/cpansa-net-ipv4addr-2021-47155.json - https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ external
https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ - https://metacpan.org/release/Net-IPAddress-Util external
https://metacpan.org/release/Net-IPAddress-Util - https://metacpan.org/release/PWBENNETT/Net-IPAddress-Util-5.000/changes external
https://metacpan.org/release/PWBENNETT/Net-IPAddress-Util-5.000/changes - CVE-2021-47155 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2021-47155
Revision history
Version | Date of the revision | Summary of the revision |
---|---|---|
1 | Mon Mar 18 00:00:00 2024 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/