CVE-2021-29424

The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
Configurations

Configuration 1 (hide)

cpe:2.3:a:net\:\:netmask_project:net\:\:netmask:*:*:*:*:*:perl:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

History

07 Nov 2023, 03:32

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7JIPQAY5OZ5D3DA7INQILU7SGHTHMWB/', 'name': 'FEDORA-2021-c314017fcc', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBJVLXJSWN6DKSF5ADUEERI6M23R3GGP/', 'name': 'FEDORA-2021-3d96cfe6a3', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JF4CYIZELC3NISB3RMV4OCI4GYBC557B/', 'name': 'FEDORA-2021-be62be8c7c', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBJVLXJSWN6DKSF5ADUEERI6M23R3GGP/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JF4CYIZELC3NISB3RMV4OCI4GYBC557B/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7JIPQAY5OZ5D3DA7INQILU7SGHTHMWB/ -

08 Aug 2023, 14:21

Type Values Removed Values Added
CWE CWE-863 CWE-704

08 Jun 2021, 13:52

Type Values Removed Values Added
References (CONFIRM) https://security.netapp.com/advisory/ntap-20210604-0007/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20210604-0007/ - Third Party Advisory

04 Jun 2021, 10:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20210604-0007/ -

15 Apr 2021, 14:55

Type Values Removed Values Added
References (MISC) https://metacpan.org/changes/distribution/Net-Netmask#L11-22 - (MISC) https://metacpan.org/changes/distribution/Net-Netmask#L11-22 - Release Notes, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBJVLXJSWN6DKSF5ADUEERI6M23R3GGP/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBJVLXJSWN6DKSF5ADUEERI6M23R3GGP/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7JIPQAY5OZ5D3DA7INQILU7SGHTHMWB/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7JIPQAY5OZ5D3DA7INQILU7SGHTHMWB/ - Mailing List, Third Party Advisory
References (MISC) https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ - (MISC) https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ - Exploit, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JF4CYIZELC3NISB3RMV4OCI4GYBC557B/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JF4CYIZELC3NISB3RMV4OCI4GYBC557B/ - Mailing List, Third Party Advisory
CWE CWE-863
CPE cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:a:net\:\:netmask_project:net\:\:netmask:*:*:*:*:*:perl:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 7.5

09 Apr 2021, 00:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7JIPQAY5OZ5D3DA7INQILU7SGHTHMWB/ -
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JF4CYIZELC3NISB3RMV4OCI4GYBC557B/ -

06 Apr 2021, 16:51

Type Values Removed Values Added
New CVE

Information

Published : 2021-04-06 16:15

Updated : 2023-12-10 13:55


NVD link : CVE-2021-29424

Mitre link : CVE-2021-29424

CVE.ORG link : CVE-2021-29424


JSON object : View

Products Affected

net\

  • \

fedoraproject

  • fedora
CWE
CWE-704

Incorrect Type Conversion or Cast