10 matches found
Astra Linux - vulnerability in golang-1.19
The various Is methods (IsPrivate, IsLoopback, etc.) did not work as expected for IPv4-mapped IPv6 addresses. They returned false for addresses that would return true in their traditional IPv4 form...
Server-side Request Forgery (SSRF)
Overview: ip is a Node library. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the ip.isPublic and ip.isPrivate functions. An attacker can interact with internal network resources by supplying a specially crafted IP address, such as the octal localhost format...
golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
A flaw was found in the Go language standard library net/netip. The Is methods (IsPrivate, IsPublic, etc.) don't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to...
The vulnerability of the `net-netip` component in the Golang programming language, related to improper access control, allows attackers to bypass existing access restrictions policies.
The vulnerability of the net-netip component in the Golang programming language is related to the incorrect operation of the Is methods (IsPrivate, IsLoopback, etc.). Exploiting this vulnerability can allow an attacker to circumvent existing access control policies...
AZL-42403 CVE-2024-24790 affecting package golang for versions less than 1.21.11-1
The various Is methods (IsPrivate, IsLoopback, etc.) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...
AZL-79050 CVE-2024-24790 affecting package golang 1.25.7-1
The various Is methods (IsPrivate, IsLoopback, etc.) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...
AZL-42409 CVE-2024-24790 affecting package golang for versions less than 1.18.8-4
The various Is methods (IsPrivate, IsLoopback, etc.) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...
SUSE CVE-2024-24790
The various Is methods (IsPrivate, IsLoopback, etc.) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...
Improper Check for Unusual or Exceptional Conditions
Overview: std/net/netip is a Go standard library package. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions. Go Vulnerability Report: The various Is methods (IsPrivate, IsLoopback, etc.) did not work as expected for IPv4-mapped IPv6...
Server Side Request Forgery (SSRF)
ip is vulnerable to Server Side Request Forgery. The vulnerability is due to the isPublic function's failure to interpret and classify hexadecimal IP address representations. If an application utilizes the isPublic or isPrivate functions to determine if an address is public, an attacker can prefo...