CVE-2021-47155 : The Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zer

The Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

Published 2024-03-18 05:15:06

Updated 2024-08-29 20:35:04

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2021-47155

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2021-47155

EPSS FAQ

0.15%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 32 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-47155

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.1	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N	3.9	5.2	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-08-29
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: None

CWE ids for CVE-2021-47155

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

References for CVE-2021-47155

https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/#net-ipv4addrhttpsmetacpanorgreleasenet-ipv4addr

Security Issues in Perl IP Address distros - House Absolute(ly Pointless)
https://metacpan.org/release/Net-IPv4Addr

Net-IPv4Addr-0.10 - Perl extension for manipulating IPv4 addresses. - metacpan.org

Jump to

Vulnerability Details : CVE-2021-47155

Products affected by CVE-2021-47155

Exploit prediction scoring system (EPSS) score for CVE-2021-47155

CVSS scores for CVE-2021-47155

CWE ids for CVE-2021-47155

References for CVE-2021-47155