Nixpkgs security tracker
NIXPKGS-2026-1472
GitHub issue
published 1 month, 2 weeks ago
by @LeSuisse Activity log
- Created suggestion
- @LeSuisse ignored maintainer @stigtsp maintainer.ignore
- @LeSuisse accepted
- @LeSuisse published on GitHub
Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass
Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digit characters pass the validators but are then re-encoded by the parser to a different address than the input string spelled. find() and bin_find() can match or miss addresses as a result. Example: my $cidr = Net::CIDR::Lite->new(); $cidr->add("::1\n/128"); $cidr->find("::1a"); # incorrectly returns true See also CVE-2026-45191.
References
Affected products
Net-CIDR-Lite
- <0.24
Matching in nixpkgs
pkgs.perlPackages.NetCIDRLite
Perl extension for merging IPv4 or IPv6 CIDR addresses
pkgs.perl5Packages.NetCIDRLite
Perl extension for merging IPv4 or IPv6 CIDR addresses
pkgs.perl538Packages.NetCIDRLite
None
pkgs.perl540Packages.NetCIDRLite
None
Package maintainers
Ignored maintainers (1)
-
@stigtsp Stig Palmquist <stig@stig.io>