Adventures in Validating IPv4 Addresses, (Thu, Oct 26th)

This post was originally published on this site

It should be pretty easy to validate an IP address. IPv4 addresses are 32-bit unsigned integers, and IPv6 addresses are 128-bit unsigned integers. Things get "interesting" when developers attempt to validate IP addresses as a string. There have been a few interesting vulnerabilities around this issue (CVE-2021-28918, CVE-2021-29921, CVE-2021-29418).

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.