PT-2026-46266 · Cpan · Net::Cidr::Set
Published
2026-06-03
·
Updated
2026-06-04
·
CVE-2026-49940
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Net::CIDR::Set versions prior to 0.21
Description
The software accepts non-ASCII IP addresses and netmasks. Unicode digits, such as the Arabic-Indic One (U+0661), are accepted but not properly parsed as numbers, which could allow network masks to accept larger networks than intended.
Recommendations
Update to version 0.21.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Net::Cidr::Set