CVE-2021-29424: Incorrect Type Cast
First published: Mon Mar 29 2021(Updated: )
The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Net\ \ | <2.0000 | |
| Fedoraproject Fedora | =32 | |
| Fedoraproject Fedora | =33 | |
| Fedoraproject Fedora | =34 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBJVLXJSWN6DKSF5ADUEERI6M23R3GGP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JF4CYIZELC3NISB3RMV4OCI4GYBC557B/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7JIPQAY5OZ5D3DA7INQILU7SGHTHMWB/
- https://metacpan.org/changes/distribution/Net-Netmask#L11-22
- https://security.netapp.com/advisory/ntap-20210604-0007/
- https://www.bleepingcomputer.com/news/security/critical-netmask-networking-bug-impacts-thousands-of-applications/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBJVLXJSWN6DKSF5ADUEERI6M23R3GGP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JF4CYIZELC3NISB3RMV4OCI4GYBC557B/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7JIPQAY5OZ5D3DA7INQILU7SGHTHMWB/
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2021-28918
- alias/CVE-2021-29418
- alias/CVE-2021-29424
- agent/severity
- agent/weakness
- agent/references
- agent/event
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/net\
- canonical/net\ \
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/32
- version/fedoraproject fedora/33
- version/fedoraproject fedora/34