[GO-2024-2887] Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip

Severity: Critical
Affected Packages: 2
Fixed Packages: 2
CVEs: 1

The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for
IPv4-mapped IPv6 addresses, returning false for addresses which would return
true in their traditional IPv4 forms.
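
A defensive pattern for code that relies on these methods, given here as an added example that is not taken from the advisory or from the Go project: call Unmap before any Is method, so the result is the same for the IPv4-mapped and the plain IPv4 form on any toolchain. The names Classification, Classify and Internal are hypothetical, and the sample addresses are constructed.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Classification holds the Is-method results evaluated on the unmapped
// form of an address. (Hypothetical type for this example.)
type Classification struct {
	Mapped      bool // input was an IPv4-mapped IPv6 address (::ffff:a.b.c.d)
	Loopback    bool
	Private     bool
	LinkLocal   bool
	Unspecified bool
}

// Classify parses s and calls Unmap before any Is method, so the answer
// does not depend on whether the toolchain carries the fix.
func Classify(s string) (Classification, error) {
	addr, err := netip.ParseAddr(s)
	if err != nil {
		return Classification{}, err
	}
	u := addr.Unmap() // ::ffff:10.0.0.1 -> 10.0.0.1; other addresses unchanged
	return Classification{
		Mapped:      addr.Is4In6(),
		Loopback:    u.IsLoopback(),
		Private:     u.IsPrivate(),
		LinkLocal:   u.IsLinkLocalUnicast(),
		Unspecified: u.IsUnspecified(),
	}, nil
}

// Internal reports whether any of the non-public classes matched.
func (c Classification) Internal() bool {
	return c.Loopback || c.Private || c.LinkLocal || c.Unspecified
}

func main() {
	// Constructed sample inputs.
	for _, s := range []string{"10.0.0.1", "::ffff:10.0.0.1", "::ffff:127.0.0.1",
		"::ffff:169.254.1.1", "::ffff:8.8.8.8", "fd00::1"} {
		c, err := Classify(s)
		if err != nil {
			fmt.Println(s, "error:", err)
			continue
		}
		fmt.Printf("%-20s mapped=%-5t internal=%t\n", s, c.Mapped, c.Internal())
	}
}
```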

| Package | Affected Version |
| --- | --- |
| pkg:golang/net/netip | >= 1.22.3, < 1.21.11 |
| pkg:golang/net/netip | >= 1.22.3, < 1.22.4 |

| Package | Fixed Version |
| --- | --- |
| pkg:golang/net/netip | = 1.21.11 |
| pkg:golang/net/netip | = 1.22.4 |

| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Fixed | pkg:golang/net/netip | net | netip | = 1.21.11 | | | |
| Affected | pkg:golang/net/netip | net | netip | >= 1.22.3 < 1.21.11 | | | |
| Fixed | pkg:golang/net/netip | net | netip | = 1.22.4 | | | |
| Affected | pkg:golang/net/netip | net | netip | >= 1.22.3 < 1.22.4 | | | |