The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2024/06/04/1 | Mailing List Third Party Advisory |
https://go.dev/cl/590316 | Patch |
https://go.dev/issue/67680 | Issue Tracking |
https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ | Release Notes |
https://pkg.go.dev/vuln/GO-2024-2887 | Third Party Advisory |
Configurations
History
18 Jun 2024, 17:59
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2024/06/04/1 - Mailing List, Third Party Advisory | |
References | () https://go.dev/cl/590316 - Patch | |
References | () https://go.dev/issue/67680 - Issue Tracking | |
References | () https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ - Release Notes | |
References | () https://pkg.go.dev/vuln/GO-2024-2887 - Third Party Advisory | |
CPE | cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Golang
Golang go |
|
CWE | NVD-CWE-noinfo |
10 Jun 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Jun 2024, 14:17
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
05 Jun 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-05 16:15
Updated : 2024-09-03 18:35
NVD link : CVE-2024-24790
Mitre link : CVE-2024-24790
CVE.ORG link : CVE-2024-24790
JSON object : View
Products Affected
golang
- go
CWE