PT-2021-17310 · Unknown · Get-Ip-Range

Published

2021-02-11

Updated

2022-04-29

CVE-2021-27191

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: get-ip-range versions prior to 4.0.0

Description: The issue allows for denial of service (DoS) if the range is untrusted input. An attacker could send a large range, such as 128.0.0.0/1, that causes resource exhaustion.

Recommendations: Update the get-ip-range dependency to 4.0.0 or above. As a temporary workaround, consider validating and sanitizing the input range to prevent large, untrusted inputs from causing resource exhaustion. Restrict access to the get-ip-range package until the issue is resolved.

Exploit

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2021-27191

GHSA-6Q4W-3WP4-Q5WF

Affected Products

Get-Ip-Range

PT-2021-17310 · Unknown · Get-Ip-Range

CVE-2021-27191

Weakness Enumeration

Related Identifiers

Affected Products

References · 12