[FREEBSD:219AAA1E-2AFF-11EF-AB37-5404A68AD561] traefik -- Unexpected behavior with IPv4-mapped IPv6 addresses
Severity
Critical
Affected Packages
1
CVEs
1
The traefik authors report:
There is a vulnerability in Go managing various Is methods
(IsPrivate, IsLoopback, etc) for IPv4-mapped IPv6 addresses.
They didn't work as expected returning false for addresses
which would return true in their traditional IPv4 forms.
Package | Affected Version |
---|---|
pkg:freebsd/traefik | < 2.11.4 |
- ID
- FREEBSD:219AAA1E-2AFF-11EF-AB37-5404A68AD561
- Severity
- critical
- Severity from
- CVE-2024-24790
- URL
- http://vuxml.freebsd.org/freebsd/219aaa1e-2aff-11ef-ab37-5404a68ad561.html
- Published
-
2024-06-05T00:00:00
(3 months ago) - Modified
-
2024-06-15T00:00:00
(3 months ago) - Rights
- FreeBSD VuXML Security Team
- Other Advisories
-
- ALAS2-2024-2576
- ALAS2-2024-2618
- ALPINE:CVE-2024-24790
- ALSA-2024:4212
- ALSA-2024:4237
- ALSA-2024:5291
- ELSA-2024-4212
- ELSA-2024-4237
- ELSA-2024-5291
- FREEBSD:A5C64F6F-2AF3-11EF-A77E-901B0E9408DC
- GO-2024-2887
- RHSA-2024:4212
- RHSA-2024:4237
- RHSA-2024:5291
- RLSA-2024:4212
- SUSE-SU-2024:1935-1
- SUSE-SU-2024:1936-1
- SUSE-SU-2024:1969-1
- SUSE-SU-2024:1970-1
- SUSE-SU-2024:3089-1
- USN-6886-1
Source | # ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | https://github.com/traefik/traefik/security/advisories/GHSA-7jmw-8259-q9jx |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:freebsd/traefik | traefik | < 2.11.4 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |