Bug#1072178: libnetwork-ipv4addr-perl: CVE-2021-47155
Moritz Mühlenhoff
jmm at inutil.org
Wed May 29 18:31:23 BST 2024
Source: libnetwork-ipv4addr-perl
X-Debbugs-CC: team at security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for libnetwork-ipv4addr-perl.
CVE-2021-47155[0]:
| The Net::IPV4Addr module 0.10 for Perl does not properly consider
| extraneous zero characters in an IP address string, which (in some
| situations) allows attackers to bypass access control that is based
| on IP addresses.
https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/#net-ipv4addrhttpsmetacpanorgreleasenet-ipv4addr
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-47155
https://www.cve.org/CVERecord?id=CVE-2021-47155
Please adjust the affected versions in the BTS as needed.
More information about the pkg-perl-maintainers
mailing list