CVE-2021-4456 in Net::CIDRالمعلومات

الملخص

بحسب MITRE • 27/02/2026

Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have unspecified impact.

The functions `addr2cidr` and `cidrlookup` may return leading zeros in a CIDR string, which may in turn be parsed as octal numbers by subsequent users. In some cases an attacker may be able to leverage this to bypass access controls based on IP addresses.

The documentation advises validating untrusted CIDR strings with the `cidrvalidate` function. However, this mitigation is optional and not enforced by default. In practice, users may call `addr2cidr` or `cidrlookup` with untrusted input and without validation, incorrectly assuming that this is safe.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

CPANSec

حجز

19/05/2025

إفشاء

27/02/2026

الاعتدال

تمت الموافقة

إدخال

VDB-348089

CPE

جاهز

CWE

CWE-704 (مؤكد)

CVSS

6.5 (CISA-ADP)

EPSS

0.00072

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2021-4456
NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-4456
CVE Details	https://www.cvedetails.com/cve/CVE-2021-4456/

التالي ▸نظرة عامة ◂ السابق

Interested in the pricing of exploits?

See the underground prices here!