Beefy Boxes and Bandwidth Generously Provided by pair Networks
Do you know where your variables are?

Security Issues in Perl IP Address distros

by choroba (Archbishop)
on Mar 30, 2021 at 12:59 UTC ( #11130589=perlnews: print w/replies, xml ) Need Help??

Security Issues in Perl IP Address distros


  • Net-Netmask: Vulnerable before 2.00000 release. Upgrade now.
  • Net-CIDR-Lite: Affected and unmaintained.
  • Net-IPAddress-Util: Affected.
  • Data-Validate-IP: Depends on exactly how itís used. See below for details.
  • Socket: Appears unaffected.
  • Net-DNS: Appears unaffected.
  • NetAddr-IP: Appears unaffected.
  • Net-Subnet: Appears unaffected.
  • Net-Patricia: Appears unaffected.

map{substr$_->[0],$_->[1]||0,1}[\*||{},3],[[]],[ref qr-1,-,-1],[{}],[sub{}^*ARGV,3]

Replies are listed 'Best First'.
Re: Security Issues in Perl IP Address distros
by parv (Vicar) on Mar 31, 2021 at 02:37 UTC
Re: Security Issues in Perl IP Address distros
by hippo (Chancellor) on Apr 06, 2021 at 12:54 UTC

    Note that Net::CIDR::Lite now has an active maintainer (STIGTSP) and as of version 0.22 has been patched to address this flaw.


Re: Security Issues in Perl IP Address distros
by jeffenstein (Friar) on Mar 30, 2021 at 15:35 UTC

    If I'm reading it correctly, it only affects you if you've configured something using octal IP addresses, or you are trusting textual IP address from remote users. Is it really a security issue in that case?

      From my limited experience from security, everything that has a potential to behave differently than expected is considered a security issue. After the original node issue was published, I can imagine lots of people and robots trying entering dangerous IPs everywhere just to see what happens.

      map{substr$_->[0],$_->[1]||0,1}[\*||{},3],[[]],[ref qr-1,-,-1],[{}],[sub{}^*ARGV,3]

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlnews [id://11130589]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others taking refuge in the Monastery: (4)
As of 2021-05-14 04:18 GMT
Find Nodes?
    Voting Booth?
    Perl 7 will be out ...

    Results (148 votes). Check out past polls.