2 matches found
GHSA-8CP7-RP8R-MG77 OpenClaw has SSRF guard bypass via IPv6 transition over ISATAP
Summary OpenClaw's SSRF hostname/IP guard did not detect ISATAP embedded IPv4 addresses ...:5efe:w.x.y.z. A crafted URL containing an ISATAP IPv6 literal could embed a private IPv4 target for example loopback and bypass private-address filtering in URL-fetching paths. Severity Assessment Rated...
UBUNTU-CVE-2018-20721
URIFUNC in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read in uriParseEx functions for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//::44.1" address...