VDB
CVE-2021-47154
CVE-2021-47154
PUBLISHED
CVSS 6.300000190734863 MEDIUM
The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
EPSS 0.06% · 19.9th percentile
Risk Scores
CVSS 3.1
6.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
EPSS Score
0.06%
19.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
Exploit Intelligence
- https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ (circl)
- https://metacpan.org/pod/Net::CIDR::Lite (circl)
- https://github.com/stigtsp/Net-CIDR-Lite/commit/23b6ff0590dc279521863a502e890ef19a5a76fc (circl)
- https://metacpan.org/dist/Net-CIDR-Lite/changes (circl)
- [debian-lts-announce] 20240323 [SECURITY] [DLA 3770-1] libnet-cidr-lite-perl security update (circl)
- CPANSA-Net-CIDR-Lite.yml (github-poc)
- CPANSA-Net-CIDR-Lite.yml (github-poc)
- CPANSA-Net-CIDR-Lite.yml (github-poc)
- CPANSA-Net-CIDR-Lite.yml (github-poc)
Timeline
- Mar 18, 2024 CVE Published
- Mar 18, 2024 EPSS Score
- Apr 13, 2024 EPSS Score
- May 9, 2024 EPSS Score
- Jun 4, 2024 EPSS Score
- Jun 30, 2024 EPSS Score
- Jul 26, 2024 EPSS Score
- Aug 21, 2024 EPSS Score
- Sep 16, 2024 EPSS Score
- Oct 12, 2024 EPSS Score
- Nov 7, 2024 EPSS Score
- Nov 15, 2024 CVE Updated
References
- https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ url
- https://metacpan.org/pod/Net::CIDR::Lite url
- https://github.com/stigtsp/Net-CIDR-Lite/commit/23b6ff0590dc279521863a502e890ef19a5a76fc url
- https://metacpan.org/dist/Net-CIDR-Lite/changes url
- [debian-lts-announce] 20240323 [SECURITY] [DLA 3770-1] libnet-cidr-lite-perl security update mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2021-47154 advisory
- https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros url