Vulnerability in Stigtsp Net::cidr::lite

CVE-2026-40199

Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. _pack_ipv6() includes the sentinel byte from _pack_ipv4() when building the packed representation of IPv4 mapped addresses…

EPSS: 0.000 (2.0th percentile) — read the EPSS interpretation.

Affected products

Stigtsp Net::cidr::lite — versions 0

Weakness classification (CWE)

CWE-130 — Improper Handling of Length Parameter Inconsistency

References

github.com/stigtsp/Net-CIDR-Lite/commit/b7166b1fa17b3b14b4c795ace5b3fbf71a0bd04… (patch)
metacpan.org/release/STIGTSP/Net-CIDR-Lite-0.23/changes (release-notes)
www.cve.org/CVERecord (related)