CVE-2021-47155
📋 TL;DR
Net::IPv4Addr 0.10 for Perl accepts IPv4 addresses whose octets carry leading zeros (for example 192.168.001.010) and reads them as decimal. Other parsers that handle the same string, including the C library's inet_aton(), read a leading zero as octal (010 is 8), so a check done with Net::IPv4Addr and the component that later uses the address can disagree about which host is meant. Attackers can use this disagreement to get past IP-based access controls. Systems that rely on this module for IP address validation or access control are affected.
💻 Affected Systems
- Net::IPv4Addr Perl module
⚠️ Manual Verification Required
The CVE record names only Net::IPv4Addr 0.10, and NVD publishes no version range for it, so automatic vulnerability detection cannot determine from version data alone whether your system is affected.
Why? The CVE database entry does not specify which versions are vulnerable or fixed (no version ranges provided by the vendor/NVD). Treat 0.10 as vulnerable and any other installed version as unverified until you have tested it.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete bypass of IP-based authentication and authorization systems, potentially allowing unauthorized access to sensitive systems or data.
Likely Case
Partial bypass of IP whitelisting/blacklisting controls, enabling unauthorized access to restricted resources or services.
If Mitigated
Limited impact if additional authentication layers or network segmentation exist beyond IP-based controls.
🎯 Exploit Status
Exploitation requires getting an attacker-controlled address string into a check that relies on Net::IPv4Addr's parsing (a URL host passed to a fetch feature, an X-Forwarded-For header, a form field) and supplying octets with leading zeros, such as 192.168.001.010, so that the Perl-side check and the system that later uses the address read it differently.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: listed as 0.11 or later; confirm on the MetaCPAN release page that a release newer than 0.10 actually exists before relying on this, since the CVE record carries no fixed-version information
Vendor Advisory: https://metacpan.org/release/Net-IPv4Addr
Restart Required: No system restart; long-running Perl processes must be restarted (see step 3)
Instructions:
1. Update Net::IPv4Addr from CPAN: cpan Net::IPv4Addr (or cpanm Net::IPv4Addr)
2. Confirm the installed version is newer than 0.10: perl -MNet::IPv4Addr -e 'print Net::IPv4Addr->VERSION, "\n"'
3. No system restart is required, but any long-running Perl process that already loaded the module (mod_perl, PSGI servers, daemons) keeps the old code in memory until it is restarted or reloaded
🔧 Temporary Workarounds
Input Validation Workaround
Implement a custom check that accepts only the canonical dotted-quad form (four decimal octets, no leading zeros) and rejects everything else before the string reaches Net::IPv4Addr. The one-liner below takes the address as its argument and checks form only; the 0..255 range of each octet is a separate check:
perl -e 'my $ip = shift; $ip =~ /^(?:(?:0|[1-9]\d{0,2})\.){3}(?:0|[1-9]\d{0,2})$/ or die "Invalid IP (leading zero or malformed): $ip\n"; print "ok\n"' 192.168.001.010
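Added example (not code from Net::IPv4Addr, its author, or the original advisory) tying the mechanism in the TL;DR to the workaround above: it models the lenient decimal parse the CVE describes, the octal reading that the C library's inet_aton() gives the same string, and the strict validator to place in front of the module. The deny-list, the inputs and the helper names are constructed; the lenient_ipv4 function is a re-implementation of the accepting behaviour, not the module's source. The Socket::inet_aton column shows what this machine's libc does (glibc and the BSDs read a leading 0 as octal) and may differ on platforms whose resolver rejects such input. It also covers the 0x hex form that inet_aton accepts, which the CVE text does not mention.

```perl
#!/usr/bin/env perl
# Added example (not code from Net::IPv4Addr or its author). It models the
# lenient decimal parse the CVE describes, the octal reading that BSD and
# glibc inet_aton() give the same string, and a strict validator to put in
# front of any IP-based control. The deny-list and the inputs are constructed.
use strict;
use warnings;
use Socket qw(inet_aton inet_ntoa);

# Lenient parse: a re-implementation of the accepting behaviour, for
# illustration only. Four runs of 1-3 digits, each read as decimal, so
# "012" becomes 12 and "010" becomes 10.
sub lenient_ipv4 {
    my ($s) = @_;
    return undef unless defined $s
        && $s =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;
    my @o = map { 0 + $_ } ($1, $2, $3, $4);
    return undef if grep { $_ > 255 } @o;
    return join '.', @o;
}

# Libc-style parse: inet_aton() reads an octet with a leading "0" as octal
# and "0x" as hex, so "012" is 10 and "010" is 8. Only the four-part form
# is modelled here (inet_aton also accepts shorter forms such as "10.1").
sub libc_style_ipv4 {
    my ($s) = @_;
    my @o;
    for my $part (split /\./, $s, -1) {
        my $v;
        if    ($part =~ /^0[xX]([0-9a-fA-F]+)$/) { $v = hex $1 }
        elsif ($part =~ /^0([0-7]+)$/)          { $v = oct "0$1" }
        elsif ($part =~ /^(?:0|[1-9]\d*)$/)     { $v = 0 + $part }
        else                                    { return undef }
        push @o, $v;
    }
    return undef unless @o == 4 && !grep { $_ > 255 } @o;
    return join '.', @o;
}

# Strict parse: exactly four decimal octets in canonical form (no leading
# zeros, no hex), each 0..255. Every downstream parser agrees on this form.
sub strict_ipv4 {
    my ($s) = @_;
    return undef unless defined $s
        && $s =~ /^(?:(?:0|[1-9]\d{0,2})\.){3}(?:0|[1-9]\d{0,2})$/;
    return undef if grep { $_ > 255 } split /\./, $s;
    return $s;
}

sub ip2int {
    my @o = split /\./, shift;
    return (($o[0] * 256 + $o[1]) * 256 + $o[2]) * 256 + $o[3];
}

sub in_cidr {
    my ($ip, $cidr) = @_;
    my ($net, $bits) = split m{/}, $cidr;
    my $mask = $bits ? (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF : 0;
    return (ip2int($ip) & $mask) == (ip2int($net) & $mask);
}

# Constructed deny-list for an application that fetches user-supplied URLs
# and must refuse internal ranges. decide() is the pattern at risk: it
# trusts whichever parser it is handed to read the attacker's string.
my @deny = ('10.0.0.0/8', '127.0.0.0/8');

sub decide {
    my ($parser, $input) = @_;
    my $ip = $parser->($input);
    return 'invalid' unless defined $ip;
    my @hit = grep { in_cidr($ip, $_) } @deny;
    return @hit ? "deny ($ip)" : "allow ($ip)";
}

for my $input ('10.0.0.1', '12.0.0.1', '012.0.0.1', '10.0.0.010') {
    # Socket::inet_aton uses the platform resolver; on glibc and BSD it
    # reads a leading 0 as octal, like libc_style_ipv4 above.
    my $packed = inet_aton($input);
    printf "%-11s lenient: %-16s strict: %-16s libc-style: %-10s Socket: %s\n",
        $input,
        decide(\&lenient_ipv4, $input),
        decide(\&strict_ipv4,  $input),
        libc_style_ipv4($input) // 'invalid',
        defined $packed ? inet_ntoa($packed) : 'invalid';
}
```

Run it with perl. The third line is the bypass: the lenient check allows 012.0.0.1 (it reads 12.0.0.1, outside the denied ranges) while libc reads the same string as 10.0.0.1, inside 10.0.0.0/8; the fourth line shows 10.0.0.010 read as 10.0.0.10 by one parser and 10.0.0.8 by the other. The strict validator refuses both zero-padded inputs up front, which is what the workaround is meant to enforce.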
🧯 If You Can't Patch
- Implement additional authentication layers beyond IP-based controls
- Use network-level controls (firewalls, WAFs) to filter traffic before it reaches vulnerable applications
🔍 How to Verify
Check if Vulnerable:
Locate code that loads the module (grep -r 'Net::IPv4Addr' across your Perl sources) and feed the address '192.168.001.001' to the same parsing call that code uses. If it is accepted, and especially if it comes back unchanged, that installation is vulnerable.
Check Version:
perl -MNet::IPv4Addr -e 'print $Net::IPv4Addr::VERSION'
Verify Fix Applied:
After updating, feed '192.168.001.001' to the same code path; a fixed parser either rejects it or returns the canonical 192.168.1.1 with no zero-padded octets.
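Added verification script for the checks above; it is not part of the Net::IPv4Addr distribution. It loads whatever Net::IPv4Addr is installed, prints its version, and feeds zero-padded addresses to ipv4_parse(), the module's documented parsing function, which croaks on an address it considers invalid. The probe inputs are constructed, and the decision rule (flag any accepted address that still carries a zero-padded octet) is an assumption about how a fixed release would behave.

```perl
#!/usr/bin/env perl
# Added verification script; not part of the Net::IPv4Addr distribution.
# Loads the installed Net::IPv4Addr, prints its version, and probes
# ipv4_parse() with zero-padded addresses. Probe inputs are constructed.
use strict;
use warnings;

if (!eval { require Net::IPv4Addr; 1 }) {
    print "Net::IPv4Addr is not installed; nothing to check.\n";
    exit 0;
}
printf "Net::IPv4Addr version %s\n", Net::IPv4Addr->VERSION // 'unknown';

my @probes = (
    ['192.168.1.1',     'canonical form, must be accepted'],
    ['192.168.001.001', 'zero-padded octets'],
    ['10.0.0.010',      'zero-padded last octet (inet_aton reads 010 as 8)'],
);

my $vulnerable = 0;
for my $probe (@probes) {
    my ($input, $note) = @$probe;
    # ipv4_parse() returns ($ip, $cidr) and croaks on input it rejects.
    my ($ip, $cidr) = eval { Net::IPv4Addr::ipv4_parse($input) };
    my $result;
    if ($@) {
        $result = 'rejected';
    } else {
        $ip //= '';
        $result = "accepted as '$ip'";
        # Accepted and still carrying a zero-padded octet: the ambiguity
        # survived parsing, so downstream code can read it differently.
        $vulnerable = 1 if grep { /^0\d/ } split /\./, $ip;
    }
    printf "%-18s %-30s %s\n", $input, $result, $note;
}

print $vulnerable
    ? "VULNERABLE: zero-padded octets pass through ipv4_parse() unchanged\n"
    : "OK: zero-padded octets are rejected or normalised\n";
exit $vulnerable;
```

Run it on each host that carries the module; a non-zero exit status means the installed version still passes zero-padded octets through, so the same script can be reused after the update as the "Verify Fix Applied" check.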
📡 Detection & Monitoring
Log Indicators:
- Client-supplied address fields (URL hosts, X-Forwarded-For or similar headers, form values) containing a dotted quad with a zero-padded octet, e.g. 192.168.001.010
- Access from unexpected IP ranges, in particular internal ranges reached through a fetch or proxy feature that is supposed to refuse them
Network Indicators:
- Zero-padded octets exist only in the textual form of an address, so look for them in application-layer payloads (HTTP headers, URLs, API bodies), not in packet headers
SIEM Query:
source="application_logs" | regex ip_address="(^|\.)0[0-9]"
(Splunk-style syntax; adapt the field name and the regex operator to your SIEM. Matching free-text terms such as "bypass" or "unauthorized" is too noisy to be useful here.)
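Added detection example showing the logic behind the SIEM query above; it is not part of the original page or of any monitoring product. It extracts dotted quads from log lines and flags any address with a zero-padded octet. The log format and the log lines are constructed.

```perl
#!/usr/bin/env perl
# Added detection example (not from the original page). Scans log lines for
# dotted-quad addresses with a zero-padded octet, the indicator the SIEM
# query looks for. Log format and lines are constructed.
use strict;
use warnings;

# A dotted quad that is not embedded in a longer run of digits and dots.
my $quad = qr/(?<![\d.])((?:\d{1,3}\.){3}\d{1,3})(?![\d.])/;

# Return every address in the line that has an octet of the form "0<digit>...",
# i.e. "01", "001", "010", which is what a decimal and an octal parser disagree on.
sub suspicious_ips {
    my ($line) = @_;
    my @hits;
    while ($line =~ /$quad/g) {
        my $ip = $1;
        push @hits, $ip if grep { /^0\d/ } split /\./, $ip;
    }
    return @hits;
}

# Constructed sample log lines.
my @log = (
    '2021-03-29T10:00:01Z app[123]: client=192.168.1.10 path=/admin status=200',
    '2021-03-29T10:00:02Z app[123]: client=192.168.001.010 path=/admin status=200',
    '2021-03-29T10:00:03Z app[123]: X-Forwarded-For: 012.0.0.1 path=/fetch status=200',
    '2021-03-29T10:00:04Z app[123]: build=1.2.0.0 client=10.0.0.7 status=200',
);

# 1.2.0.0 on the last line is matched as a quad but has no zero-padded octet,
# so it is not reported; a plain "0" octet is canonical and harmless.
for my $line (@log) {
    my @ips = suspicious_ips($line);
    printf "%-5s %s\n", (@ips ? 'ALERT' : 'ok'), $line;
    print "      zero-padded octet in: $_\n" for @ips;
}
```

The second and third lines are reported (192.168.001.010 and 012.0.0.1); the first and fourth are not. Tune the field the query keys on to wherever client-supplied addresses land in your logs, since a socket-derived client address will never carry leading zeros.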
🔗 References
- https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/#net-ipv4addrhttpsmetacpanorgreleasenet-ipv4addr
- https://metacpan.org/release/Net-IPv4Addr