27 matches found
EUVD-2024-22167
Malicious code in bioql PyPI...
Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip
...
go-toolset:rhel8 security update
An update is available for module.go-toolset, go-toolset, delve, golang, module.golang, module.delve. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset...
ROS-20241028-02
The vulnerability of the net-netip component of Golang programming language is related to incorrect operation of Is methods IsPrivate, IsLoopback, etc. methods. Exploitation of the vulnerability can allow an intruder to bypass the existing access restriction policy...
Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2024-734)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-734 advisory. The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...
Medium: amazon-ssm-agent
Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...
golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
A flaw was found in the Go language standard library net/netip. The method Is IsPrivate, IsPublic, etc doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to...
Medium: runc
Issue Overview: The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. CVE-2024-24790 Affected Packages: runc Issue Correction: Run dnf update runc --releasev...
Amazon Linux 2 : runc (ALASDOCKER-2024-043)
The version of runc installed on the remote host is prior to 1.1.13-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2024-043 advisory. The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for...
Moderate: Red Hat Security Advisory: security update Logging for Red Hat OpenShift - 5.6.21
Moderate -- Logging for Red Hat OpenShift - 5.6.21 Logging for Red Hat OpenShift - 5.6.21 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses CVE-2024-24790...
Moderate: Red Hat Security Advisory: security update Logging for Red Hat OpenShift - 5.8.9
Moderate -- Logging for Red Hat OpenShift - 5.8.9 Logging for Red Hat OpenShift - 5.8.9 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses CVE-2024-24790...
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2024-646)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-646 advisory. The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with...
Amazon Linux 2 : golang (ALAS-2024-2576)
The version of golang installed on the remote host is prior to 1.22.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2576 advisory. The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip...
CVE-2024-24790
A flaw was found in the Go language standard library net/netip. The method Is IsPrivate, IsPublic, etc doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to...
FreeBSD : traefik -- Unexpected behavior with IPv4-mapped IPv6 addresses (219aaa1e-2aff-11ef-ab37-5404a68ad561)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 219aaa1e-2aff-11ef-ab37-5404a68ad561 advisory. The traefik authors report: There is a vulnerability in Go managing various Is methods IsPrivate,...
Updated golang packages fix security vulnerabilities
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...
SUSE-SU-2024:1935-1 Security update for go1.22
This update for go1.22 fixes the following issues: go1.21.11 release bsc1212475. - CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip bsc1225973. - CVE-2024-24790: Fixed unexpected behavior from Is methods for IPv4-mapped IPv6 addresses bsc1225974...
BIT-GOLANG-2024-24790 Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip
The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...
CVE-2024-24790
The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...
CVE-2024-24790
The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...