Bug 2270054 (CVE-2021-47155) - CVE-2021-47155 Net-IPv4Addr: improper handling of extraneous zero characters in an IP address string
Keywords:
Status: NEW
Alias: CVE-2021-47155
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2024-03-18 11:15 UTC by TEJ RATHI
Modified: 2024-03-18 11:29 UTC (History)
0 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability has been discovered in the Perl module Net-IPv4Addr, where extraneous zero characters at the start of an IP address string are not adequately handled. This flaw may enable attackers to circumvent IP address-based access controls in certain scenarios.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description TEJ RATHI 2024-03-18 11:15:05 UTC
The Net::IPv4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/#net-ipv4addrhttpsmetacpanorgreleasenet-ipv4addr
https://metacpan.org/release/Net-IPv4Addr
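
Added illustration (not code from this bug report or from Net-IPv4Addr): an octet written with a leading zero can be read as decimal by one parser and as octal by another (the C library's inet_aton reads it as octal), so an address-based check and the component that later uses the address may disagree. The Perl sketch below rejects such strings before any access decision is made; the function names `parse_strict_ipv4` and `readings` and the sample inputs are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Strict dotted-quad parser (hypothetical helper). Returns the four octets,
# or an empty list when the string is not in canonical form. An octet such
# as "010" is rejected rather than interpreted, because it has two readings.
sub parse_strict_ipv4 {
    my ($str) = @_;
    return () unless defined $str;
    # \A ... \z instead of ^ ... $ so a trailing newline cannot slip through.
    my @octets = $str =~ /\A([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\z/
        or return ();
    for my $o (@octets) {
        return () if length($o) > 1 && $o =~ /\A0/;   # extraneous leading zero
        return () if $o > 255;                        # out of range
    }
    return @octets;
}

# Both readings of a digits-and-dots string, for logging a rejected input.
sub readings {
    my ($str) = @_;
    my @parts   = split /\./, $str, -1;
    my $decimal = join '.', map { $_ + 0 } @parts;
    my $octal   = join '.', map { /\A0[0-7]+\z/ ? oct($_) : $_ + 0 } @parts;
    return ($decimal, $octal);
}

# Constructed sample inputs.
for my $input ('10.0.0.1', '010.0.0.1', '127.0.0.01') {
    if (parse_strict_ipv4($input)) {
        print "accept $input\n";
        next;
    }
    my ($dec, $oct) = readings($input);
    print "reject $input (decimal reading $dec, octal reading $oct)\n";
}
```

For `010.0.0.1` the two readings are `10.0.0.1` and `8.0.0.1`, which is the disagreement an allow-list or deny-list must not be exposed to.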

