Описание
The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libnet-netmask-perl | fixed | 1.9104-2 | package | |
| libnet-netmask-perl | no-dsa | buster | package | |
| libnet-netmask-perl | no-dsa | stretch | package |
Примечания
https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/
https://metacpan.org/changes/distribution/Net-Netmask#L11-22
https://github.com/jmaslak/Net-Netmask/commit/9023b403682f1eaadadf6cb71ba0117a1fa4f163
Fixed by: https://github.com/jmaslak/Net-Netmask/commit/9023b403682f1eaadadf6cb71ba0117a1fa4f163
Improvements and add safe_new() method:
https://github.com/jmaslak/Net-Netmask/commit/6b60b4eb3e98ee7548c13ecb7cb02c626f948a40
Remove warnings introduced in tests:
https://github.com/jmaslak/Net-Netmask/commit/30d82695e32bc3b1615c7cd08d34528252363436
EPSS
Связанные уязвимости
The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
EPSS