Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

Fedora 42 perl-Net-CIDR Critical Leading Zeros Issue 2026-baf8782c7a

fedora
Calendar Grey March 10, 2026
Dist Fedora Esm H88
Update for Net::CIDR in Fedora 42 handles leading zeros properly to prevent unexpected impact. Get the fix now!
Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have unspecified impact

Summary

The Net::CIDR package contains functions that manipulate lists of IP netblocks

expressed in CIDR notation. The Net::CIDR functions handle both IPv4 and IPv6

addresses.

Update Information:

Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have unspecified impact. The functions addr2cidr and cidrlookup may return leading zeros in a CIDR string, which may in turn be parsed as octal numbers by subsequent users. Current versions of the module strip leading zeros from octets.

Topics%20covered

Topics Covered

security advisory fedora vulnerability impact leading zeros net-cidr

Change Log

* Wed Aug 13 2025 Paul Howarth - 0.27-1 - Update to 0.27 (rhbz#2388145) - cidrvalidate() bug fix (GH#9) * Mon Jun 23 2025 Paul Howarth - 0.26-1 - Update to 0.26 (rhbz#2374271) - cidrvalidate() should accept IPv6 addresses with one uncompressed 0 * Sat May 24 2025 Paul Howarth - 0.25-1 - Update to 0.25 (rhbz#2368340) - Fix warning with Perl 5.40 * Wed May 21 2025 Paul Howarth - 0.24.1-1 - Update to 0.24.1 - Strip extra leading zeros from octets in addr2cidr (GH#4) * Tue May 20 2025 Paul Howarth - 0.24-1 - Update to 0.24 (no changes) * Mon Mar 10 2025 Paul Howarth - 0.23-1 - Update to 0.23 - Add metadata to Makefile.PL and use Test::More (GH#3) * Sun Mar 9 2025 Emmanuel Seyman - 0.22-1 - Update to 0.22 - Improve several error messages - Allow unabbreviated IPv6 addresses - Use %{make_build} and %{make_install} where appropriate

References


[ 1 ] Bug #2443387 - CVE-2021-4456 perl-Net-CIDR: mishandling of leading zeros in IP CIDR addresses [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2443387

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-baf8782c7a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: perl-Net-CIDR
Product: Fedora 42
Version: 0.27
Release: 1.fc42
URL: https://metacpan.org/dist/Net-CIDR
Summary: Manipulate IPv4/IPv6 netblocks in CIDR notation

Topics%20covered

Topics Covered

security advisory fedora vulnerability impact leading zeros net-cidr

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here