Dave Rolsky discovered that Net::CIDR::Lite did not properly handle extraneous zero characters at the beginning of an IP address string. A remote attacker could possibly use this issue to bypass access controls that are based on IP addresses. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2021-47154)
It was discovered that Net::CIDR::Lite did not properly validate the IPv6 group count when handling uncompressed IPv6 addresses. A remote attacker could possibly use this issue to bypass access controls. (CVE-2026-40198)
It was discovered that Net::CIDR::Lite mishandled IPv4 mapped IPv6 addresses. A remote attacker could possibly use this issue to bypass access controls that are based on IP addresses. (CVE-2026-40199)
0.22-1ubuntu0.10.22-2ubuntu0.24.04.10.22-2ubuntu0.25.10.10.22-2ubuntu0.26.04.10.21-1ubuntu0.16.04.1~esm10.21-1ubuntu0.18.04.1~esm10.21-2ubuntu0.1+esm1