CVE-2021-33318

CRITICAL

Joel Christner .NET C# packages - Input Validation Vulnerability

Title source: llm

Description

An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP addresses and subnets.

References (4)

Core 4

Core References

Third Party Advisory x_refsource_misc

https://github.com/jchristn/IpMatcher

View Writeup ZIP pw:eip

Third Party Advisory x_refsource_misc

https://github.com/jchristn/WatsonWebserver

Exploit, Third Party Advisory x_refsource_misc

https://github.com/kaoudis/advisories/blob/main/0-2021.md

View Exploit ZIP pw:eip

Patch, Third Party Advisory x_refsource_misc

https://github.com/jchristn/IpMatcher/commit/81d77c2f33aa912dbd032b34b9e184fc6e041d89

View Patch ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0192

EPSS Percentile 77.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-704

Status published

Products (3)

ipmatcher_project/ipmatcher < 1.0.4.1

nuget/IpMatcher 0 - 1.0.4.2NuGet

watsonwebserver_project/watsonwebserver < 4.1.3

Published May 16, 2022

Tracked Since Feb 18, 2026