Vulnerability Information
Vulnerability Title
Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have unspecified impact
Vulnerability Description
Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have unspecified impact. The functions `addr2cidr` and `cidrlookup` may return leading zeros in a CIDR string, which may in turn be parsed as octal numbers by subsequent users. In some cases an attacker may be able to leverage this to bypass access controls based on IP addresses. The documentation advises validating untrusted CIDR strings with the `cidrvalidate` function. However, this mitigation is optional and not enforced by default. In practice, users may call `addr2cidr` or `cidrlookup` with untrusted input and without validation, incorrectly assuming that this is safe.
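The parser disagreement described above, as an added example (not code from Net::CIDR or from this advisory), written in Python rather than Perl so it can be run and tested stand-alone. It assumes a downstream consumer that reads a leading `0` as octal the way `inet_aton`-style parsers do; all function names and sample strings are hypothetical.

```python
import re

# Constructed sample inputs, not taken from the advisory.
SAMPLES = ["10.0.0.1/8", "010.0.0.1", "192.168.010.5/24", "127.0.0.01"]

# A canonical decimal field: "0", or digits with no leading zero.
STRICT_FIELD = re.compile(r"(0|[1-9][0-9]{0,2})\Z")

def parse_decimal(addr):
    """Read every octet as base 10, silently ignoring leading zeros."""
    return tuple(int(part, 10) for part in addr.split("."))

def parse_c_style(addr):
    """Read octets as an inet_aton-style parser would (assumed consumer):
    a leading '0x' means hex, any other leading '0' means octal."""
    octets = []
    for part in addr.split("."):
        if part.lower().startswith("0x"):
            octets.append(int(part, 16))
        elif len(part) > 1 and part.startswith("0"):
            octets.append(int(part, 8))  # raises ValueError on digits 8 or 9
        else:
            octets.append(int(part, 10))
    return tuple(octets)

def is_canonical_ipv4_cidr(text):
    """Accept only a dotted quad with an optional /0-32 prefix and no
    leading zeros, so every parser agrees on what the string means."""
    addr, sep, prefix = text.partition("/")
    if sep and not (STRICT_FIELD.match(prefix) and int(prefix) <= 32):
        return False
    parts = addr.split(".")
    return len(parts) == 4 and all(
        STRICT_FIELD.match(p) and int(p) <= 255 for p in parts
    )

def audit(text):
    """Show both readings of one input and whether it should be rejected."""
    addr = text.partition("/")[0]
    return {
        "input": text,
        "canonical": is_canonical_ipv4_cidr(text),
        "decimal": parse_decimal(addr),
        "c_style": parse_c_style(addr),
    }

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit(sample))
```

Any input where `canonical` is false should be rejected before it reaches an allow or deny decision, which is the role the advisory assigns to `cidrvalidate` in Perl code.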
CVSS Information
N/A
Vulnerability Type
Incorrect type conversion
Vulnerability Title
MetaCPAN Net::CIDR::Set security vulnerability
Vulnerability Description
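MetaCPAN Net::CIDR::Set is a library from the MetaCPAN Foundation. MetaCPAN Net::CIDR::Set versions before 0.24 contain a security vulnerability caused by mishandling of leading zeros in IP CIDR addresses, which may allow access controls based on IP addresses to be bypassed.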
CVSS Information
N/A
Vulnerability Type
N/A