Lucene search
MitreCVELIST:CVE-2021-29662HistoryMar 31, 2021 - 5:28 p.m.
CVE-2021-29662
2021-03-3117:28:16
mitre
www.cve.org
9
data::validate::ip
perl
access control
EPSS
0.002
Percentile
61.8%
The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
References
blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/
github.com/houseabsolute/Data-Validate-IP
github.com/houseabsolute/Data-Validate-IP/commit/3bba13c819d616514a75e089badd75002fd4f14e
github.com/sickcodes/security/blob/master/advisories/SICK-2021-018.md
security.netapp.com/advisory/ntap-20210604-0002/
sick.codes/sick-2021-018/
Related
veracode
veracode
Access Control Bypass
2021-04-12 23:40:26
nvd
nvd
CVE-2021-29662
2021-03-31 18:15:16
ubuntucve
ubuntucve
CVE-2021-29662
2021-03-31 00:00:00
prion
prion
Improper access control
2021-03-31 18:15:00
debiancve
debiancve
CVE-2021-29662
2021-03-31 18:15:16
osv
osv
CVE-2021-29662
2021-03-31 18:15:16
cve
cve
CVE-2021-29662
2021-03-31 18:15:16