4 matches found
BIT-GOLANG-2021-29923
Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which in some situations allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR...
CVE-2021-29923
Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which in some situations allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR...
CVE-2021-29923
Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which in some situations allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR...
CVE-2021-29923
CVE-2021-29923 describes a weakness in Go’s IP address parsing (net.ParseIP/net.ParseCIDR) where extraneous leading zeros in an octet can cause unintended octal interpretation, bypassing IP-based access controls. The issue affects Go versions before 1.17. Several connected advisories note patches...