{"api_version":"1","generated_at":"2026-04-15T05:25:47+00:00","cve":"CVE-2021-29424","urls":{"html":"https://cve.report/CVE-2021-29424","api":"https://cve.report/api/cve/CVE-2021-29424.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-29424","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-29424"},"summary":{"title":"CVE-2021-29424","description":"The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2021-04-06 16:15:00","updated_at":"2023-11-07 03:32:00"},"problem_types":["CWE-704"],"metrics":[],"references":[{"url":"https://metacpan.org/changes/distribution/Net-Netmask#L11-22","name":"https://metacpan.org/changes/distribution/Net-Netmask#L11-22","refsource":"MISC","tags":[],"title":"Changes - metacpan.org","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JF4CYIZELC3NISB3RMV4OCI4GYBC557B/","name":"FEDORA-2021-be62be8c7c","refsource":"","tags":[],"title":"[SECURITY] Fedora 33 Update: perl-Net-Netmask-2.0001-1.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JF4CYIZELC3NISB3RMV4OCI4GYBC557B/","name":"FEDORA-2021-be62be8c7c","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 33 Update: perl-Net-Netmask-2.0001-1.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBJVLXJSWN6DKSF5ADUEERI6M23R3GGP/","name":"FEDORA-2021-3d96cfe6a3","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: perl-Net-Netmask-2.0001-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20210604-0007/","name":"https://security.netapp.com/advisory/ntap-20210604-0007/","refsource":"CONFIRM","tags":[],"title":"CVE-2021-29424 Perl Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","name":"https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","refsource":"MISC","tags":[],"title":"Security Issues in Perl IP Address distros - House Absolute(ly) Pointless","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7JIPQAY5OZ5D3DA7INQILU7SGHTHMWB/","name":"FEDORA-2021-c314017fcc","refsource":"","tags":[],"title":"[SECURITY] Fedora 32 Update: perl-Net-Netmask-2.0001-1.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7JIPQAY5OZ5D3DA7INQILU7SGHTHMWB/","name":"FEDORA-2021-c314017fcc","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 32 Update: perl-Net-Netmask-2.0001-1.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBJVLXJSWN6DKSF5ADUEERI6M23R3GGP/","name":"FEDORA-2021-3d96cfe6a3","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: perl-Net-Netmask-2.0001-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-29424","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29424","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"29424","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"32","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"29424","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"29424","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"29424","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"net","cpe5":"","cpe6":"netmask_project","cpe7":"net","cpe8":"","cpe9":"netmask","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"29424","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"net\\","cpe5":"\\","cpe6":"netmask_project","cpe7":"net\\","cpe8":"\\","cpe9":"netmask","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-29424","qid":"179743","title":"Debian Security Update for libnet-netmask-perl (CVE-2021-29424)"},{"cve":"CVE-2021-29424","qid":"281091","title":"Fedora Security Update for Perl-Net-Netmask"},{"cve":"CVE-2021-29424","qid":"281391","title":"Fedora Security Update for perl (FEDORA-2021-3d96cfe6a3)"},{"cve":"CVE-2021-29424","qid":"281392","title":"Fedora Security Update for perl (FEDORA-2021-c314017fcc)"},{"cve":"CVE-2021-29424","qid":"281393","title":"Fedora Security Update for perl (FEDORA-2021-be62be8c7c)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2021-29424","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/","refsource":"MISC","name":"https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/"},{"url":"https://metacpan.org/changes/distribution/Net-Netmask#L11-22","refsource":"MISC","name":"https://metacpan.org/changes/distribution/Net-Netmask#L11-22"},{"refsource":"FEDORA","name":"FEDORA-2021-3d96cfe6a3","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBJVLXJSWN6DKSF5ADUEERI6M23R3GGP/"},{"refsource":"FEDORA","name":"FEDORA-2021-be62be8c7c","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JF4CYIZELC3NISB3RMV4OCI4GYBC557B/"},{"refsource":"FEDORA","name":"FEDORA-2021-c314017fcc","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7JIPQAY5OZ5D3DA7INQILU7SGHTHMWB/"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20210604-0007/","url":"https://security.netapp.com/advisory/ntap-20210604-0007/"}]}},"nvd":{"publishedDate":"2021-04-06 16:15:00","lastModifiedDate":"2023-11-07 03:32:00","problem_types":["CWE-704"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:net\\:\\:netmask_project:net\\:\\:netmask:*:*:*:*:*:perl:*:*","versionEndExcluding":"2.0000","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"29424","Ordinal":"204628","Title":"CVE-2021-29424","CVE":"CVE-2021-29424","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"29424","Ordinal":"1","NoteData":"The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"29424","Ordinal":"2","NoteData":"2021-03-29","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"29424","Ordinal":"3","NoteData":"2021-06-04","Type":"Other","Title":"Modified"}]}}}