Bug 1221565 (CVE-2021-47155)

Summary: VUL-0: CVE-2021-47155: perl-Net-IPv4Addr: leading zeroes in IPv4 octets may allow attackers to bypass certain access controls
Product: [openSUSE] openSUSE Distribution
Reporter: SMASH SMASH <smash_bz>
Component: Security
Assignee: Marcus Schaefer <ms>
Status: NEW ---
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: carlos.lopez
Version: Leap 15.6
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/397977/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description SMASH SMASH 2024-03-18 09:20:29 UTC
The Net::IPv4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-47155
https://www.cve.org/CVERecord?id=CVE-2021-47155
https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/#net-ipv4addrhttpsmetacpanorgreleasenet-ipv4addr
https://metacpan.org/release/Net-IPv4Addr
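
An added example, not from the bug report or from the Net::IPv4Addr distribution: a strict dotted-quad check in Perl that an access-control layer can apply before passing a string to any address parser, so zero-padded octets are refused instead of interpreted. The function names and sample addresses are constructed, and the decimal and octal readings it prints are an assumption about how lenient parsers can disagree, not something the report states.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# One decimal octet with no leading zero: "0", or 1-3 digits starting 1-9.
my $OCTET = qr/(0|[1-9][0-9]{0,2})/;

# Strict dotted-quad parse. Returns the four octets, or an empty list when
# the string is not canonical (zero-padded, out of range, wrong field count).
sub parse_strict_ipv4 {
    my ($text) = @_;
    return unless defined $text;
    my @octets = $text =~ /\A$OCTET\.$OCTET\.$OCTET\.$OCTET\z/;
    return unless @octets == 4;
    return if grep { $_ > 255 } @octets;
    return @octets;
}

# The two readings a lenient parser might give a zero-padded octet
# (assumption for illustration: decimal with zeros stripped, or C-style octal).
sub read_decimal { join '.', map { $_ + 0 } split /\./, $_[0] }
sub read_octal   { join '.', map { /\A0[0-7]+\z/ ? oct($_) : $_ + 0 } split /\./, $_[0] }

# Constructed sample inputs, not taken from the report.
my @samples = ('10.0.0.1', '010.0.0.1', '192.168.001.1', '127.0.0.01',
               '256.1.1.1', '1.2.3');

for my $addr (@samples) {
    if (my @octets = parse_strict_ipv4($addr)) {
        print "accept  $addr\n";
    }
    elsif ($addr =~ /(?:\A|\.)0[0-9]/) {
        # Show why the padded form is ambiguous before refusing it.
        printf "reject  %s (zero-padded: decimal reading %s, octal reading %s)\n",
            $addr, read_decimal($addr), read_octal($addr);
    }
    else {
        print "reject  $addr (not a canonical dotted quad)\n";
    }
}
```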