PT-2026-46267 · Cpan · Net::Cidr::Set
Published
2026-06-03
·
Updated
2026-06-04
·
CVE-2026-49941
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Net::CIDR::Set versions prior to 0.21
Description
The software fails to validate IP addresses. The
add() function calls the encode() function to parse addresses; if the input does not resemble netmasks or network ranges, it is treated as a single IP address and passed back to itself as a 32-bit or 128-bit netmask. When a malformed IP address is provided, this process results in indefinite recursion, which can be exploited by an attacker to cause a denial of service.Recommendations
Update to version 0.21.
Fix
Uncontrolled Recursion
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Net::Cidr::Set