CVE-2021-29662

The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
Configurations

Configuration 1 (hide)

cpe:2.3:a:data\:\:validate\:\:ip_project:data\:\:validate\:\:ip:*:*:*:*:*:perl:*:*

Configuration 2 (hide)

cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*

History

08 Aug 2023, 14:21

Type Values Removed Values Added
CWE CWE-863 CWE-704

08 Jun 2021, 13:51

Type Values Removed Values Added
References (CONFIRM) https://security.netapp.com/advisory/ntap-20210604-0002/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20210604-0002/ - Third Party Advisory
References (MISC) https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ - Exploit (MISC) https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ - Exploit, Third Party Advisory
CPE cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*

04 Jun 2021, 10:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20210604-0002/ -

Information

Published : 2021-03-31 18:15

Updated : 2024-02-04 21:47


NVD link : CVE-2021-29662

Mitre link : CVE-2021-29662

CVE.ORG link : CVE-2021-29662


JSON object : View

Products Affected

data\

  • \

netapp

  • snapcenter
CWE
CWE-704

Incorrect Type Conversion or Cast