CVE-2021-47155: 
Strawberry Perl vulnerability analysis and mitigation

The Net::IPV4Addr module 0.10 for Perl contains a vulnerability related to improper handling of IP address strings with extraneous zero characters. This vulnerability was identified and tracked as CVE-2021-47155. The affected module fails to properly consider octal notation in IP addresses, which means that an address like '010.0.0.1' would be incorrectly interpreted as '10.0.0.1' instead of its actual value '8.0.0.1' (Debian Tracker).

The vulnerability stems from the module's failure to properly parse IP addresses containing leading zeros. When an IP address contains octets with leading zeros (e.g., '010.0.0.1'), these should be interpreted as octal numbers according to POSIX standards. However, the module incorrectly treats them as decimal numbers, leading to misinterpretation of IP addresses (House Blog).

The vulnerability could allow attackers to bypass access control mechanisms that are based on IP addresses. For example, an attacker could potentially trick the system into treating a public IP address as if it were part of a private subnet, or vice versa, by using octal notation (Debian Tracker).

The module appears to be no longer maintained, as emails to the author bounce. Users are advised to consider alternative IP address handling modules that correctly handle octal notation in IP addresses (House Blog).