CVE-2021-29424 — Incorrect Type Conversion or Cast in Libnet-netmask-perl

CWE-704 — Incorrect Type Conversion or Cast CWE-1389 — Incorrect Parsing of Numbers with Different Radices CWE-863 — Incorrect Authorization5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 75.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Libnet-netmask-perl Fedoraproject Fedora

Timeline

PublishedApr 6

Latest updateMay 24

Description

The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶debiandebian/libnet-netmask-perl< libnet-netmask-perl 1.9104-2 (bookworm)

Also affects: Fedora 32, 33, 34

🔴Vulnerability Details

GHSA

GHSA-p75p-x3j9-7vj3: The Net::Netmask module before 2↗2022-05-24

▶

OSV

CVE-2021-29424: The Net::Netmask module before 2↗2021-04-06

▶

📋Vendor Advisories

Debian

CVE-2021-29424: libnet-netmask-perl - The Net::Netmask module before 2.0000 for Perl does not properly consider extran...↗2021

▶

📐Framework References

CWE

Incorrect Parsing of Numbers with Different Radices↗

▶