Instituto Nacional de Ciberseguridad. INCIBE section
Instituto Nacional de Ciberseguridad. INCIBE-CERT section

CVE-2026-56015

Severity:
Pending analysis
Type:
CWE-125 Out-of-bounds Read
Publication date:
03/07/2026
Last modified:
03/07/2026

Description

Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unbounded prefix length.

add() passes the prefix string to the trie builder addPrefixToTrie() without checking it against the address width.

addPrefixToTrie() then walks the prefix buffer by prefix_length bits, reading prefix[byte] for byte up to prefix_len/8, where prefix is the 4-byte (IPv4) or 16-byte (IPv6) packed address. A prefix length greater than 32 for IPv4 or 128 for IPv6, for example add("1.2.3.4/255", $v) or add("2001:db8::/255", $v), reads past the end of the packed address.

The out-of-bounds read happens during trie construction and is bounded: the prefix length is stored as an unsigned char, so the bit walk reads at most 32 bytes from the start of the packed address, a short distance past the end of the 4-byte or 16-byte buffer. It is detectable under AddressSanitizer, valgrind, or a hardened allocator, where it can abort the process. Lookups and dump() format only the valid address width, so the out-of-bounds bytes are not exposed through the module's API.
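
The kind of width check the description says is missing before the trie walk, as an added example that is not code from Net::IP::LPM or from this advisory. The function name checked_prefix_len and its return convention are hypothetical, and POSIX inet_pton() is assumed.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Added example: hypothetical helper, not taken from Net::IP::LPM.
 * Parses "address/length" and returns the prefix length only if it fits the
 * address width (0..32 for IPv4, 0..128 for IPv6); returns -1 otherwise.
 * If packed is non-NULL it receives the 4- or 16-byte packed address. */
int checked_prefix_len(const char *cidr, unsigned char packed[16]) {
    char addr[INET6_ADDRSTRLEN];
    unsigned char buf[16];
    const char *slash = strchr(cidr, '/');
    if (slash == NULL)
        return -1;              /* this sketch requires an explicit length */
    size_t alen = (size_t)(slash - cidr);
    if (alen == 0 || alen >= sizeof addr)
        return -1;
    memcpy(addr, cidr, alen);
    addr[alen] = '\0';

    /* The address family decides the maximum number of prefix bits. */
    long max_bits;
    if (inet_pton(AF_INET, addr, buf) == 1)
        max_bits = 32;
    else if (inet_pton(AF_INET6, addr, buf) == 1)
        max_bits = 128;
    else
        return -1;

    /* Strict decimal parse: digits only, no sign, no trailing bytes. */
    const char *p = slash + 1;
    char *end;
    if (*p < '0' || *p > '9')
        return -1;
    errno = 0;
    long len = strtol(p, &end, 10);
    if (errno != 0 || *end != '\0')
        return -1;

    /* Compare as a wide integer before any narrowing to unsigned char:
     * 255 is rejected here, and a value such as 300 cannot wrap first. */
    if (len > max_bits)
        return -1;
    if (packed != NULL)
        memcpy(packed, buf, (size_t)(max_bits / 8));
    return (int)len;
}
```

A caller that gets -1 rejects the entry instead of passing it on to the trie builder.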

Impact