6 matches found
EUVD-2021-16397
Malware in sbrugna...
BIT-GOLANG-2021-29923
Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which in some situations allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR...
EulerOS 2.0 SP9 : golang (EulerOS-SA-2022-1007)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which in some situations allows...
CVE-2021-29923
Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which in some situations allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR...
CVE-2021-29923
Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which in some situations allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR...
CVE-2021-29923
CVE-2021-29923 describes a weakness in Go’s IP address parsing (net.ParseIP/net.ParseCIDR) where extraneous leading zeros in an octet can cause unintended octal interpretation, bypassing IP-based access controls. The issue affects Go versions before 1.17. Several connected advisories note patches...