ELA-1062-1 libnet-cidr-lite-perl security update

bypass access check based on IP addresses

2024-03-23
Packagelibnet-cidr-lite-perl
Version0.21-1+deb9u1 (stretch)
Related CVEs CVE-2021-47154


An issue has been found in libnet-cidr-lite-perl, a module for merging IPv4 or IPv6 CIDR address ranges.

Extraneous zero characters at the beginning of an IP address string might allow attackers to bypass access control that is based on IP addresses.

Please check your application whether it accidentally allows such leading zero characters (that are normally meant to indicate octal numbers).



For Debian 9 stretch, these problems have been fixed in version 0.21-1+deb9u1.

We recommend that you upgrade your libnet-cidr-lite-perl packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.