CVE-2021-47154

6.3 MEDIUM

Published: March 18, 2024 Modified: April 15, 2026

Description

The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/

Source: cve@mitre.org

https://github.com/stigtsp/Net-CIDR-Lite/commit/23b6ff0590dc279521863a502e890ef19a5a76fc

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2024/03/msg00023.html

Source: cve@mitre.org

https://metacpan.org/dist/Net-CIDR-Lite/changes

Source: cve@mitre.org

https://metacpan.org/pod/Net::CIDR::Lite

Source: cve@mitre.org

https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/