Lucene search
Veracode Vulnerability DatabaseVERACODE:29965HistoryApr 12, 2021 - 11:40 p.m.
Access Control Bypass
2021-04-1223:40:26
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.002 Low
EPSS
Percentile
61.9%
The Data::Validate::IP module is vulnerable to access control bypass. It does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
| CPE | Name | Operator | Version |
|---|---|---|---|
| libdata-validate-ip-perl:sid | eq | 0.27-1 | |
| libdata-validate-ip-perl:bullseye | eq | 0.27-1 |
References
blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/
github.com/houseabsolute/Data-Validate-IP
github.com/houseabsolute/Data-Validate-IP/commit/3bba13c819d616514a75e089badd75002fd4f14e
github.com/sickcodes/security/blob/master/advisories/SICK-2021-018.md
security-tracker.debian.org/tracker/CVE-2021-29662
security.netapp.com/advisory/ntap-20210604-0002/
sick.codes/sick-2021-018/
Related
nvd
nvd
CVE-2021-29662
2021-03-31 18:15:16
ubuntucve
ubuntucve
CVE-2021-29662
2021-03-31 00:00:00
prion
prion
Improper access control
2021-03-31 18:15:00
debiancve
debiancve
CVE-2021-29662
2021-03-31 18:15:16
cvelist
cvelist
CVE-2021-29662
2021-03-31 17:28:16
osv
osv
CVE-2021-29662
2021-03-31 18:15:16
cve
cve
CVE-2021-29662
2021-03-31 18:15:16