CVE-2021-33318

CRITICAL

Joel Christner .NET C# packages - Input Validation Vulnerability

Title source: llm

Description

An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP addresses and subnets.

References (4)

[Third Party Advisory] https://github.com/jchristn/IpMatcher

View Writeup ZIP pw:eip

[Third Party Advisory] https://github.com/jchristn/WatsonWebserver

[Exploit, Third Party Advisory] https://github.com/kaoudis/advisories/blob/main/0-2021.md

View Exploit ZIP pw:eip

[Patch, Third Party Advisory] https://github.com/jchristn/IpMatcher/commit/81d77c2f33aa912dbd032b34b9e184fc6e041d89

Scores

CVSS v3 9.8

EPSS 0.0074

EPSS Percentile 73.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-704

Status published

Products (3)

ipmatcher_project/ipmatcher < 1.0.4.1

nuget/IpMatcher 0 - 1.0.4.2NuGet

watsonwebserver_project/watsonwebserver < 4.1.3

Published May 16, 2022

Tracked Since Feb 18, 2026