CVE-2021-29662 ( – Data)

CVE-2021-29662 ( – Data)
CVE-2021-29662 ( – Data)

Vulnerabilidad en Data – CVE-2021-29662 – Información y soluciones

Vulnerability Details : CVE-2021-29662

The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

Publish Date : 2021-03-31 Last Update Date : 2021-06-08


Search Twitter

 

Search YouTube

 

Search Google


CVSS Scores & Vulnerability Types

CVSS Score
5.0
Confidentiality Impact None
(There is no impact to the confidentiality of the system.)
Integrity Impact Partial
(Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact None
(There is no impact to the availability of the system.)
Access Complexity Low
(Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication Not required
(Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s) Bypass a restriction or similar
CWE ID 863


Products Affected By CVE-2021-29662

# Product Type Vendor Product Version Update Edition Language
1 Application Data Validate Ip Project Data Version Details&nbspVulnerabilities
2 Application Netapp Snapcenter * * * Version Details&nbspVulnerabilities


References For CVE-2021-29662

https://sick.codes/sick-2021-018/
https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/
https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-018.md
https://github.com/houseabsolute/Data-Validate-IP/commit/3bba13c819d616514a75e089badd75002fd4f14e
https://security.netapp.com/advisory/ntap-20210604-0002/ CONFIRM
https://github.com/houseabsolute/Data-Validate-IP


Metasploit Modules Related To CVE-2021-29662

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)

None
Partial
None
Low
Not required
None

Bypass a restriction or similar .