CVE-2021-29662

{"id": "CVE-2021-29662", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-03-31T18:15:16.037", "references": [{"url": "https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/houseabsolute/Data-Validate-IP", "tags": ["Product", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/houseabsolute/Data-Validate-IP/commit/3bba13c819d616514a75e089badd75002fd4f14e", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-018.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.netapp.com/advisory/ntap-20210604-0002/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://sick.codes/sick-2021-018/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-704"}]}], "descriptions": [{"lang": "en", "value": "The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses."}, {"lang": "es", "value": "El m\u00f3dulo Data::Validate::IP versiones hasta 0.29 para Perl, no considera apropiadamente los caracteres cero extra\u00f1os al comienzo de una cadena de direcci\u00f3n IP, lo que (en algunas situaciones) permite a los atacantes omitir el control de acceso que se basa en direcciones IP."}], "lastModified": "2023-08-08T14:21:49.707", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:data\\:\\:validate\\:\\:ip_project:data\\:\\:validate\\:\\:ip:*:*:*:*:*:perl:*:*", "vulnerable": true, "matchCriteriaId": "612FC238-2C82-44A8-83E5-8F263697F9F6", "versionEndIncluding": "0.29"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}