CVE-2021-29662

HIGH

Data::Validate::IP <0.29 - Info Disclosure

Title source: llm

Description

The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

References (6)

[Exploit, Third Party Advisory] https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/

[Patch, Third Party Advisory] https://github.com/houseabsolute/Data-Validate-IP/commit/3bba13c819d616514a75e089badd75002fd4f14e

[Exploit, Third Party Advisory] https://sick.codes/sick-2021-018/

[Product, Third Party Advisory] https://github.com/houseabsolute/Data-Validate-IP

View Writeup ZIP pw:eip

[Exploit, Third Party Advisory] https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-018.md

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20210604-0002/

Scores

CVSS v3 7.5

EPSS 0.0026

EPSS Percentile 49.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-704

Status published

Products (2)

data\/\ < 0.29

netapp/snapcenter

Published Mar 31, 2021

Tracked Since Feb 18, 2026