CVE-2021-47156

MEDIUM

Net::IPAddress::Util <5.000 - Info Disclosure

Title source: llm

Description

The Net::IPAddress::Util module before 5.000 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

References (3)

[Various Sources] https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/

[Release Notes] https://metacpan.org/release/Net-IPAddress-Util

[Release Notes] https://metacpan.org/release/PWBENNETT/Net-IPAddress-Util-5.000/changes

Scores

CVSS v3 6.5

EPSS 0.0013

EPSS Percentile 31.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1287

Status published

Published Mar 18, 2024

Tracked Since Feb 18, 2026