CVE-2021-47154 Information

Description

The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string which (in some situations) allows attackers to bypass access control that is based on IP addresses.

Reference

https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ https://metacpan.org/pod/Net::CIDR::Lite https://github.com/stigtsp/Net-CIDR-Lite/commit/23b6ff0590dc279521863a502e890ef19a5a76fc https://metacpan.org/dist/Net-CIDR-Lite/changes