Impact
The Net::IP::LPM Perl module reads a prefix string into a fixed‑size buffer without checking that the supplied prefix length is within the bounds of the address width. When add() is called with a prefix length larger than 32 for IPv4 or 128 for IPv6, the trie builder walks past the end of the packed address and performs an out‑of‑bounds read of up to 32 bytes. The read does not return data that is used by the module’s public API, but the operation can trigger an abort in hardened allocators or sanitizers, leading to a denial‑of‑service or process termination. The weakness corresponds to CWE‑125.
Affected Systems
The vulnerability afflicts TPODER’s Net::IP::LPM module, versions 1.10 and earlier. Any Perl application that imports this module and calls add() with an unbounded prefix length—from input supplied by an external user or another component—creates a path to the flaw. The issue is limited to the module’s add() functionality and affects only the internal construction of the routing trie.
Risk and Exploitability
Because the flaw is triggered by a plainly visible API call with a user‑supplied prefix length, it is relatively easy for an attacker who can influence that call to exploit the issue and crash the process. No exploit code is required beyond passing a malformed prefix string. The EPSS score is not available and the CVE is not listed in CISA’s KEV catalog, but due to the potential for immediate denial of service the risk remains high in environments that import the affected module. The CVSS score is not provided in the data, but the impact is significant enough that mitigation should take priority.
OpenCVE Enrichment