CVE-2024-24790 — Misinterpretation of Input in Standard Library NET Netip
Severity: 9.8 CRITICAL (NVD)
EPSS: 0.2% (top 61.55%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 5
Latest update: Nov 14
Description
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9
Affected Packages: 5 packages
Vulnerability Details (7)
GHSA (2024-10-25): github.com/crossplane/crossplane: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
GHSA (2024-06-05): GHSA-49gw-vxvf-fc2g: The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would
OSV (2024-06-05): CVE-2024-24790: The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would
Vendor Advisories (5)
Microsoft
Red Hat
Debian (2024): CVE-2024-24790: golang-1.15 - The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for...