Candidate: CVE-2021-29662
PublicDate: 2021-03-31 18:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29662
Description:
 The Data::Validate::IP module through 0.29 for Perl does not properly
 consider extraneous zero characters at the beginning of an IP address
 string, which (in some situations) allows attackers to bypass access
 control that is based on IP addresses.
Ubuntu-Description:
Notes:
 mdeslaur> the upstream patch only clarifies the documentation, there is
 mdeslaur> actual behaviour change. Marking as negligible.
Mitigation:
Bugs:
Priority: negligible
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]


Patches_libdata-validate-ip-perl:
 upstream: https://github.com/houseabsolute/Data-Validate-IP/commit/3bba13c819d616514a75e089badd75002fd4f14e
upstream_libdata-validate-ip-perl: released (0.30-1)
precise/esm_libdata-validate-ip-perl: DNE
trusty_libdata-validate-ip-perl: ignored (out of standard support)
trusty/esm_libdata-validate-ip-perl: DNE
xenial_libdata-validate-ip-perl: ignored (end of standard support, was needs-triage)
bionic_libdata-validate-ip-perl: needed
focal_libdata-validate-ip-perl: needed
groovy_libdata-validate-ip-perl: ignored (reached end-of-life)
hirsute_libdata-validate-ip-perl: ignored (reached end-of-life)
impish_libdata-validate-ip-perl: not-affected (0.30-1)
jammy_libdata-validate-ip-perl: not-affected (0.30-1)
devel_libdata-validate-ip-perl: not-affected (0.30-1)