PT-2026-39538 · Cpan+2 · Net-Cidr-Lite+2
Stigtsp
·
Published
2026-05-10
·
Updated
2026-06-18
·
CVE-2026-45190
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Net::CIDR::Lite versions prior to 0.24
Description
Net::CIDR::Lite for Perl fails to properly validate IP address and CIDR mask inputs. Inputs containing non-ASCII digit characters or a trailing newline pass validation but are re-encoded by the parser into an address different from the original input string. This can cause the
find() and bin find() functions to incorrectly match or miss addresses, potentially leading to an IP Access Control List (ACL) bypass.Recommendations
Update to version 0.24 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linuxmint
Net-Cidr-Lite
Ubuntu