Vulnerability Details : CVE-2021-47154
The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
Products affected by CVE-2021-47154
Please log in to view affected product information.
Exploit prediction scoring system (EPSS) score for CVE-2021-47154
0.02%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 4 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-47154
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L |
2.8
|
3.4
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-11-15 |
|
6.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L |
N/A
|
N/A
|
RedHat-CVE-2021-47154 | 2024-03-18 |
References for CVE-2021-47154
-
https://metacpan.org/dist/Net-CIDR-Lite/changes
Changes - metacpan.org
-
https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/
Security Issues in Perl IP Address distros - House Absolute(ly) Pointless
-
https://github.com/stigtsp/Net-CIDR-Lite/commit/23b6ff0590dc279521863a502e890ef19a5a76fc
Security: Prevent leading zeroes in ipv4 octets · stigtsp/Net-CIDR-Lite@23b6ff0 · GitHub
-
https://lists.debian.org/debian-lts-announce/2024/03/msg00023.html
[SECURITY] [DLA 3770-1] libnet-cidr-lite-perl security update
-
https://metacpan.org/pod/Net::CIDR::Lite
Net::CIDR::Lite - Perl extension for merging IPv4 or IPv6 CIDR addresses - metacpan.org
Jump to