From b7166b1fa17b3b14b4c795ace5b3fbf71a0bd04a Mon Sep 17 00:00:00 2001
From: Stig Palmquist <git@stig.io>
Date: Fri, 10 Apr 2026 01:10:22 +0200
Subject: [PATCH] CVE-2026-40199: Fix IPv4 mapped IPv6 packed length

_pack_ipv6() incorrectly included the sentinel byte from _pack_ipv4()
when packing IPv4-mapped addresses. This resulted in incorrect mask and
comparison operations, possibly allowing IP ACL bypass via find().
---
 Lite.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Lite.pm b/Lite.pm
index acf8f0d..d52efaa 100644
--- a/Lite.pm
+++ b/Lite.pm
@@ -208,7 +208,7 @@ sub _pack_ipv6 {
     return if $ipv4 and @nums > 6;
     return unless $empty or @nums == ($ipv4 ? 6 : 8);
     $str =~ s/X/"0" x (($ipv4 ? 25 : 33)-length($str))/e if $empty;
-    pack("H*", "00" . $str).$ipv4;
+    pack("H*", "00" . $str).substr($ipv4, 1);
 }
 
 sub _unpack_ipv6 {
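Review bot: On the new return line, `substr($ipv4, 1)` also runs for plain IPv6 input, where `$ipv4` is false (the `$ipv4 ? 6 : 8` test two lines up shows that case is reachable). The start of `_pack_ipv6` is outside the hunk, but if `$ipv4` is an empty string in that case, Perl returns undef for an offset past the end of the string and, when warnings are enabled, emits "substr outside of string" plus an uninitialized-value warning on the concatenation. The packed bytes stay the same, but callers running under `-w` would see that noise for every non-mapped address, so a guard is safer: `pack("H*", "00" . $str) . ($ipv4 ? substr($ipv4, 1) : '');`. A comment such as `# _pack_ipv4() prepends a 0 sentinel byte; drop it so mapped and plain IPv6 pack to the same length` would record why the first byte is skipped. The diffstat shows only Lite.pm changed, so a regression test is also worth adding, asserting that an IPv4-mapped address packs to the same length as a plain IPv6 one and that find() treats it consistently.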

