CVE-2024-24790

June 5, 2024, 4:15 p.m.

None
No Score

Description

The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.

Product(s) Impacted

Product Versions
Go Programming Language
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://go.dev/cl/590316
https://go.dev/issue/67680
https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ
https://pkg.go.dev/vuln/GO-2024-2887

Tags

security@golang.org
2024-06-05
CVE-2024-24790

Timeline

Published: June 5, 2024, 4:15 p.m.
Last Modified: June 5, 2024, 4:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@golang.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.