2270054 – (CVE-2021-47155) CVE-2021-47155 Net-IPv4Addr: improper handling of extraneous zero characters in an IP address string

Bug 2270054 (CVE-2021-47155) - CVE-2021-47155 Net-IPv4Addr: improper handling of extraneous zero characters in an IP address string

Summary: CVE-2021-47155 Net-IPv4Addr: improper handling of extraneous zero characters ...

Keywords:
Status:	NEW
Alias:	CVE-2021-47155
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2024-03-18 11:15 UTC by TEJ RATHI
Modified:	2024-03-18 11:29 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability has been discovered in the Perl module Net-IPv4Addr, where extraneous zero characters at the start of an IP address string are not adequately handled. This flaw may enable attackers to circumvent IP address-based access controls in certain scenarios.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description TEJ RATHI 2024-03-18 11:15:05 UTC

The Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/#net-ipv4addrhttpsmetacpanorgreleasenet-ipv4addr
https://metacpan.org/release/Net-IPv4Addr

Note You need to log in before you can comment on or make changes to this bug.