CVE-2024-24790

Опубликовано: 05 июн. 2024

Источник: debian

EPSS Низкий

Описание

The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
golang-1.22	fixed	1.22.4-1		package
golang-1.21	fixed	1.21.11-1		package
golang-1.19	removed			package
golang-1.19	no-dsa		bookworm	package
golang-1.15	removed			package
golang-1.15	no-dsa		bullseye	package
golang-1.11	removed			package
golang-1.11	postponed		buster	package

Примечания

https://groups.google.com/g/golang-announce/c/XbxouI9gY7k
https://github.com/golang/go/issues/67680

EPSS

Процентиль: 39%

0.00171

Низкий

Связанные уязвимости

CVE-2024-24790

CVSS3: 9.8

ubuntu

около 1 года назад

The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.

CVE-2024-24790

CVSS3: 6.7

redhat

около 1 года назад

The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.

CVE-2024-24790

CVSS3: 9.8

nvd

около 1 года назад

The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.

SUSE-SU-2025:0377-1

suse-cvrf

4 месяца назад

Security update for google-osconfig-agent

SUSE-SU-2025:0302-1

suse-cvrf

5 месяцев назад

Security update for google-osconfig-agent

EPSS

Процентиль: 39%

0.00171

Низкий