{"id":"USN-8406-1","summary":"libnet-cidr-lite-perl vulnerabilities","details":"Dave Rolsky discovered that Net::CIDR::Lite did not properly handle\nextraneous zero characters at the beginning of an IP address string. A\nremote attacker could possibly use this issue to bypass access controls\nthat are based on IP addresses. This issue only affected Ubuntu 16.04 LTS\nand Ubuntu 18.04 LTS. (CVE-2021-47154)\n\nIt was discovered that Net::CIDR::Lite did not properly validate the IPv6\ngroup count when handling uncompressed IPv6 addresses. A remote attacker\ncould possibly use this issue to bypass access controls. (CVE-2026-40198)\n\nIt was discovered that Net::CIDR::Lite mishandled IPv4 mapped IPv6\naddresses. A remote attacker could possibly use this issue to bypass access\ncontrols that are based on IP addresses. (CVE-2026-40199)","modified":"2026-06-08T23:14:21.920330254Z","published":"2026-06-08T16:06:45Z","related":["UBUNTU-CVE-2021-47154","UBUNTU-CVE-2026-40198","UBUNTU-CVE-2026-40199"],"upstream":["CVE-2021-47154","CVE-2026-40198","CVE-2026-40199","UBUNTU-CVE-2021-47154","UBUNTU-CVE-2026-40198","UBUNTU-CVE-2026-40199"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8406-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-47154"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-40198"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-40199"}],"affected":[{"package":{"name":"libnet-cidr-lite-perl","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/libnet-cidr-lite-perl?arch=source&distro=esm-apps-legacy%2Fxenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.21-1ubuntu0.16.04.1~esm1"}]}],"versions":["0.21-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro","binaries":[{"binary_version":"0.21-1ubuntu0.16.04.1~esm1","binary_name":"libnet-cidr-lite-perl"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2021-47154","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-40198","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-40199","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:16.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8406-1.json"}},{"package":{"name":"libnet-cidr-lite-perl","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/libnet-cidr-lite-perl?arch=source&distro=esm-infra%2Fbionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.21-1ubuntu0.18.04.1~esm1"}]}],"versions":["0.21-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_name":"libnet-cidr-lite-perl","binary_version":"0.21-1ubuntu0.18.04.1~esm1"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2021-47154","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-40198","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-40199","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:18.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8406-1.json"}},{"package":{"name":"libnet-cidr-lite-perl","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/libnet-cidr-lite-perl?arch=source&distro=esm-infra%2Ffocal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.21-2ubuntu0.1+esm1"}]}],"versions":["0.21-2","0.21-2ubuntu0.1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_version":"0.21-2ubuntu0.1+esm1","binary_name":"libnet-cidr-lite-perl"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2026-40198","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-40199","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:20.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8406-1.json"}},{"package":{"name":"libnet-cidr-lite-perl","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/libnet-cidr-lite-perl?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.22-1ubuntu0.1"}]}],"versions":["0.22-1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"0.22-1ubuntu0.1","binary_name":"libnet-cidr-lite-perl"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2026-40198","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-40199","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:22.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8406-1.json"}},{"package":{"name":"libnet-cidr-lite-perl","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/libnet-cidr-lite-perl?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.22-2ubuntu0.24.04.1"}]}],"versions":["0.22-2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"0.22-2ubuntu0.24.04.1","binary_name":"libnet-cidr-lite-perl"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2026-40198","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-40199","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:24.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8406-1.json"}},{"package":{"name":"libnet-cidr-lite-perl","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/libnet-cidr-lite-perl?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.22-2ubuntu0.25.10.1"}]}],"versions":["0.22-2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"0.22-2ubuntu0.25.10.1","binary_name":"libnet-cidr-lite-perl"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2026-40198","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-40199","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:25.10"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8406-1.json"}},{"package":{"name":"libnet-cidr-lite-perl","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/libnet-cidr-lite-perl?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.22-2ubuntu0.26.04.1"}]}],"versions":["0.22-2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"libnet-cidr-lite-perl","binary_version":"0.22-2ubuntu0.26.04.1"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2026-40198","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-40199","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:26.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8406-1.json"}}],"schema_version":"1.7.5"}