7.5
CVE-2021-29424
- EPSS 0.09%
- Published 06.04.2021 16:15:16
- Last modified 21.11.2024 06:01:03
- Source cve@mitre.org
- CVE-Watchlists
- Open
LoginThe Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
Data is provided by the National Vulnerability Database (NVD)
Net::netmask Project ≫ Net::netmask SwPlatformperl Version < 2.0000
Fedoraproject ≫ Fedora Version32
Fedoraproject ≫ Fedora Version33
Fedoraproject ≫ Fedora Version34
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.256 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-704 Incorrect Type Conversion or Cast
The product does not correctly convert an object, resource, or structure from one type to a different type.