http://www.perlmonks.org?node_id=11130589

Security Issues in Perl IP Address distros

tl;dr:

map{substr$_->[0],$_->[1]||0,1}[\*||{},3],[[]],[ref qr-1,-,-1],[{}],[sub{}^*ARGV,3]

Replies are listed 'Best First'.
Re: Security Issues in Perl IP Address distros
by parv (Parson) on Mar 31, 2021 at 02:37 UTC
[reply]
Re: Security Issues in Perl IP Address distros
by hippo (Bishop) on Apr 06, 2021 at 12:54 UTC

    Note that Net::CIDR::Lite now has an active maintainer (STIGTSP) and as of version 0.22 has been patched to address this flaw.

    🦛

[reply]
Re: Security Issues in Perl IP Address distros
by jeffenstein (Hermit) on Mar 30, 2021 at 15:35 UTC

    If I'm reading it correctly, it only affects you if you've configured something using octal IP addresses, or you are trusting textual IP address from remote users. Is it really a security issue in that case?

[reply]
      From my limited experience from security, everything that has a potential to behave differently than expected is considered a security issue. After the original node issue was published, I can imagine lots of people and robots trying entering dangerous IPs everywhere just to see what happens.

      map{substr$_->[0],$_->[1]||0,1}[\*||{},3],[[]],[ref qr-1,-,-1],[{}],[sub{}^*ARGV,3]
[reply]
[d/l]

Back to Perl News