Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-1474

NIXPKGS-2026-1474

GitHub issue published on

Permalink CVE-2026-45191

updated 1 week, 4 days ago by @LeSuisse Activity log

Created suggestion 1 week, 5 days ago
@LeSuisse ignored maintainer @stigtsp 1 week, 4 days ago maintainer.ignore
@LeSuisse accepted 1 week, 4 days ago
@LeSuisse published on GitHub 1 week, 4 days ago

Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass

Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass. Mask forms like "/00" and "/01" pass validation and parse to the same prefix as their unpadded value. See also CVE-2026-45190.

References

Affected products

Net-CIDR-Lite

<0.24

Matching in nixpkgs

pkgs.perlPackages.NetCIDRLite

Perl extension for merging IPv4 or IPv6 CIDR addresses

nixos-unstable 0.23
- nixpkgs-unstable 0.23
- nixos-unstable-small 0.23
nixos-25.11 0.23
- nixos-25.11-small 0.23
- nixpkgs-25.11-darwin 0.23

pkgs.perl5Packages.NetCIDRLite

Perl extension for merging IPv4 or IPv6 CIDR addresses

nixos-unstable 0.23
- nixpkgs-unstable 0.23
- nixos-unstable-small 0.23

pkgs.perl538Packages.NetCIDRLite

Perl extension for merging IPv4 or IPv6 CIDR addresses

nixos-25.11 0.23
- nixos-25.11-small 0.23
- nixpkgs-25.11-darwin 0.23

pkgs.perl540Packages.NetCIDRLite

Perl extension for merging IPv4 or IPv6 CIDR addresses

nixos-25.11 0.23
- nixos-25.11-small 0.23
- nixpkgs-25.11-darwin 0.23

Package maintainers

Ignored maintainers (1)

@stigtsp Stig Palmquist <stig@stig.io>