CVE-2021-29662

April 7, 2021

The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

Summary:

The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

Reference Links(if available):

  • https://github.com/houseabsolute/Data-Validate-IP/commit/3bba13c819d616514a75e089badd75002fd4f14e
  • https://sick.codes/sick-2021-018/
  • https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/
  • https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-018.md
  • https://github.com/houseabsolute/Data-Validate-IP

    • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)

  • You may have missed

    unlock membership

    Fortifying the Backbone: Cybersecurity for Critical Infrastructure

    November 15, 2024
    news

    Bank of England U-Turns on Critical Third Party Vulnerability Disclosure Rules

    November 15, 2024
    news

    Sitting Ducks DNS Attacks Threaten Over 1 Million Global Domains

    November 15, 2024
    news

    API Security Threats: 83% of Companies Experience Security Incidents

    November 15, 2024
    news

    Microsoft Power Pages: Misconfiguration Risks and Data Exposure

    November 15, 2024