[GO-2024-2887] Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip
Severity
Critical
Affected Packages
2
Fixed Packages
2
CVEs
1
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for
IPv4-mapped IPv6 addresses, returning false for addresses which would return
true in their traditional IPv4 forms.
Package | Affected Version |
---|---|
pkg:golang/net/netip | >= 1.22.3, < 1.21.11 |
pkg:golang/net/netip | >= 1.22.3, < 1.22.4 |
Package | Fixed Version |
---|---|
pkg:golang/net/netip | = 1.21.11 |
pkg:golang/net/netip | = 1.22.4 |
- ID
- GO-2024-2887
- Severity
- critical
- Severity from
- CVE-2024-24790
- URL
- https://pkg.go.dev/vuln/GO-2024-2887
- Published
-
2024-06-04T22:25:15
(3 months ago) - Modified
-
2024-06-27T17:38:19
(2 months ago) - Other Advisories
-
- ALAS2-2024-2576
- ALAS2-2024-2618
- ALPINE:CVE-2024-24790
- ALSA-2024:4212
- ALSA-2024:4237
- ALSA-2024:5291
- ELSA-2024-4212
- ELSA-2024-4237
- ELSA-2024-5291
- FREEBSD:219AAA1E-2AFF-11EF-AB37-5404A68AD561
- FREEBSD:A5C64F6F-2AF3-11EF-A77E-901B0E9408DC
- RHSA-2024:4212
- RHSA-2024:4237
- RHSA-2024:5291
- RLSA-2024:4212
- SUSE-SU-2024:1935-1
- SUSE-SU-2024:1936-1
- SUSE-SU-2024:1969-1
- SUSE-SU-2024:1970-1
- SUSE-SU-2024:3089-1
- USN-6886-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Fixed | pkg:golang/net/netip | net | netip | = 1.21.11 | |||
Affected | pkg:golang/net/netip | net | netip | >= 1.22.3 < 1.21.11 | |||
Fixed | pkg:golang/net/netip | net | netip | = 1.22.4 | |||
Affected | pkg:golang/net/netip | net | netip | >= 1.22.3 < 1.22.4 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |