Bug 1221565 (CVE-2021-47155) - VUL-0: CVE-2021-47155: perl-Net-IPv4Addr: leading zeroes in IPv4 octets may allow attackers to bypass certain access controls
Status: NEW
Alias: CVE-2021-47155
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Version: Leap 15.6
Hardware: Other Other
Priority: P3 - Medium, Severity: Normal
Target Milestone: ---
Assignee: Marcus Schaefer
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/397977/
Reported: 2024-03-18 09:20 UTC by SMASH SMASH
Modified: 2024-03-18 10:15 UTC

Found By: Security Response Team
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Description SMASH SMASH 2024-03-18 09:20:29 UTC
The Net::IPv4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-47155
https://www.cve.org/CVERecord?id=CVE-2021-47155
https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/#net-ipv4addrhttpsmetacpanorgreleasenet-ipv4addr
https://metacpan.org/release/Net-IPv4Addr
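
A pre-validation check for the issue described in this report, as an added example that is not code from Net::IPv4Addr or from the bug report: it rejects any dotted quad whose octets carry leading zeroes before the string reaches IP-based access-control logic. The names `strict_ipv4` and `readings` are hypothetical, the sample addresses are constructed, and the octal reading used by C-style parsers such as `inet_aton` is background knowledge rather than something stated in the report.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not part of Net::IPv4Addr): accept only canonical
# dotted quads, i.e. four decimal octets 0-255 with no leading zeroes.
# Returns the address on success, undef otherwise.
sub strict_ipv4 {
    my ($str) = @_;
    return unless defined $str;
    # ASCII digits only; \z (not $) so a trailing newline is not accepted.
    my @octets =
        $str =~ /\A([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\z/
        or return;
    for my $o (@octets) {
        return if $o =~ /\A0[0-9]/;   # "010", "00", "001": ambiguous, reject
        return if $o > 255;
    }
    return join '.', @octets;
}

# Hypothetical helper: show why a leading zero is ambiguous. One consumer may
# read each octet as decimal, another (inet_aton-style) as octal.
sub readings {
    my ($str) = @_;
    my @raw = split /\./, $str, -1;
    my $dec = join '.', map { $_ + 0 } @raw;
    # Octets that are not valid octal ("08", "09") are shown as decimal here.
    my $oct = join '.', map { /\A0[0-7]+\z/ ? oct($_) : $_ + 0 } @raw;
    return ($dec, $oct);
}

# Constructed sample inputs.
for my $in (qw(10.0.0.1 010.0.0.1 192.168.001.010 127.0.0.01)) {
    if (defined strict_ipv4($in)) {
        print "$in: accepted\n";
        next;
    }
    my ($dec, $oct) = readings($in);
    print "$in: rejected (decimal reading $dec, octal reading $oct)\n";
}
```

Rejecting the input outright, rather than normalising it, avoids having to guess which reading a downstream resolver or firewall will apply.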