CVE-2026-56015
Gravedad:
Pendiente de análisis
Tipo:
CWE-125
Lectura fuera de límites
Fecha de publicación:
03/07/2026
Última modificación:
03/07/2026
Descripción
*** Pendiente de traducción *** Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unbounded prefix length.<br />
<br />
add() passes the prefix string to the trie builder addPrefixToTrie() without checking it against the address width.<br />
<br />
addPrefixToTrie() then walks the prefix buffer by prefix_length bits, reading prefix[byte] for byte up to prefix_len/8, where prefix is the 4-byte (IPv4) or 16-byte (IPv6) packed address. A prefix length greater than 32 for IPv4 or 128 for IPv6, for example add("1.2.3.4/255", $v) or add("2001:db8::/255", $v), reads past the end of the packed address.<br />
<br />
The out-of-bounds read happens during trie construction and is bounded: the prefix length is stored as an unsigned char, so the bit walk reads at most 32 bytes from the start of the packed address, a short distance past the end of the 4-byte or 16-byte buffer. It is detectable under AddressSanitizer, valgrind, or a hardened allocator, where it can abort the process. Lookups and dump() format only the valid address width, so the out-of-bounds bytes are not exposed through the module&#39;s API.



