CVE-2026-49941
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses.
The add method called the _encode method to parse addresses. If the addresses did not look like netmasks or network ranges, then they were assumed to single IP addresses and passed back to itself as a 32-bit or 128-bit netmask.
If the argument was not a well-formed IP address, then this would lead to indefinite recursion.
An attacker could use this to cause a denial of service.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| RRWO | Net::CIDR::Set | 0 <= 0.20 | affected |
Weaknesses
- CWE-1287: CWE-1287 Improper Validation of Specified Type of Input
- CWE-674: CWE-674 Uncontrolled Recursion
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.