Fluid Attacks Database

Description

The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	libnet-cidr-lite-perl	>=0 <0.22-1	0.22-1
debian 11	libnet-cidr-lite-perl	>=0 <0.22-1	0.22-1
debian 13	libnet-cidr-lite-perl	>=0 <0.22-1	0.22-1
debian 14	libnet-cidr-lite-perl	>=0 <0.22-1	0.22-1

Aliases

1. CVE-2021-471542. NVD-2021-471543. OSV-DEBIAN-2021-471544. OSV-2021-471545. SECURITY-TRACKER-CVE-2021-47154

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.