Security problems do not always arise from programming errors, but simply from the fact that certain components behave differently than they are actually intended. This currently affects one of the most important network libraries, Netmask.
A group of security researchers have jointly drawn attention to the problem in the netmask library. This is unlikely to be familiar to a normal user. However, it is integrated as an external component in a large number of applications that communicate via networks. On the GitHub developer platform alone, there are 278,000 projects that are dependent on this library, this gives you an instance of how important is this library for users and how many users could be visiting this library every day.
Although this has been a standard for processing IPv4 addresses for a long time, it does not do its job correctly in terms of the specifications and that can lead to problems that are related to safety. Therefore, the whole matter was recorded under the ID CVE-2021-28918 in the vulnerability databases, as reported by BleepingComputer.
IPv4 addresses can by no means only be written in decimal form. Most users, for example, are familiar with 127.0.0.1, which always refers to the local system. In the IPV4 specifications, however, it is also provided that other number systems can be used as well. Accordingly, a leading zero means that 0127.0.0.1 is viewed as octal notation – translated into the decimal system, it would be the IP address 22.214.171.124.
The netmask library, currently ignores the specification in the specifications – which has so far not been noticed because there is probably simply no one who uses number systems other than decimal for IP addresses. If you leave the parsing of the address to netmask, the leading zero is simply ignored. And this is exactly what can lead to considerable problems in conjunction with other software components that properly handle addresses.
In the simplest case, a software for the risk analysis at netmask asks for the correct IP formatting and receives the 127.0.0.1 returned. Since this is the local system, there would be no concern about loading and executing code from here. However, if the tested program then works with components that function according to the specifications, the code would be loaded from an external IP address that may belong to malicious hackers.
In a similar form, various other combinations are also possible with which suddenly untrustworthy addresses could be classified as secure. Some filter systems could also be bypassed in this way – such as firewalls that regulate external access to critical infrastructures. A corrected version of netmask has already been provided by the developers, but it can take a long time for it to be Implemented into all software projects based on it.
Manager at Research Snipers, RS-NEWS, Digital marketing enthusiast and industry professional in Digital Marketing, Social Media, Business News, and Technology News, with vast experience in the media industry, I have a keen interest in business technology, News breaking.