CVE-2021-29662

high

Description

The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

References

Advisories
More

https://security.netapp.com/advisory/ntap-20210604-0002/

https://github.com/houseabsolute/Data-Validate-IP/commit/3bba13c819d616514a75e089badd75002fd4f14e

https://github.com/houseabsolute/Data-Validate-IP

https://sick.codes/sick-2021-018/

https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-018.md

https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/

Details

Source: Mitre, NVD

Published: 2021-03-31

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High

EPSS

EPSS: 0.00554

Detections

Analytics