Описание
Уязвимость компонента net-netip языка программирования Golang связана с некорректной работой методов Is (IsPrivate, IsLoopback и т. д.). Эксплуатация уязвимости может позволить нарушителю обойти существующую политику ограничения доступа
Вендор
Canonical Ltd.
Novell Inc.
Red Hat Inc.
Сообщество свободного программного обеспечения
ООО «Ред Софт»
The Go Project
Наименование ПО
Ubuntu
OpenSUSE Leap
Red Hat Enterprise Linux
Suse Linux Enterprise Server
SUSE Linux Enterprise Server for SAP Applications
SUSE Linux Enterprise Software Development Kit
openSUSE Tumbleweed
Red Hat Storage
Debian GNU/Linux
РЕД ОС
SUSE Linux Enterprise High Performance Computing
Red Hat Advanced Cluster Management for Kubernetes
Red Hat OpenShift Container Platform
Red Hat OpenStack Platform
SUSE Enterprise Storage
Red Hat Web Terminal
Node Maintenance Operator
OpenShift Developer Tools and Services
Red Hat Ceph Storage
Suse Linux Enterprise Desktop
Service Telemetry Framework
Node HealthCheck Operator
Migration Toolkit for Applications
Migration Toolkit for Virtualization
Red Hat OpenShift Virtualization
OpenShift Serverless
SUSE Linux Enterprise Module for Development Tools
Red Hat Developer Tools
Cryostat
Red Hat Advanced Cluster Security
Migration Toolkit for Containers
OpenShift Pipelines
SUSE Liberty Linux
SUSE Linux Enterprise Module for Containers
Go
Red Hat Ansible Automation Platform
Red Hat Satellite
Версия ПО
16.04 LTS (Ubuntu)
18.04 LTS (Ubuntu)
15.5 (OpenSUSE Leap)
8 (Red Hat Enterprise Linux)
12 SP5 (Suse Linux Enterprise Server)
12 SP5 (SUSE Linux Enterprise Server for SAP Applications)
12 SP5 (SUSE Linux Enterprise Software Development Kit)
- (openSUSE Tumbleweed)
3 (Red Hat Storage)
20.04 LTS (Ubuntu)
11 (Debian GNU/Linux)
12 (Debian GNU/Linux)
7.3 (РЕД ОС)
15 SP3 (SUSE Linux Enterprise Server for SAP Applications)
15 SP2 (SUSE Linux Enterprise Server for SAP Applications)
15 SP2-LTSS (SUSE Linux Enterprise High Performance Computing)
2 (Red Hat Advanced Cluster Management for Kubernetes)
4 (Red Hat OpenShift Container Platform)
15 SP4 (SUSE Linux Enterprise Server for SAP Applications)
22.04 LTS (Ubuntu)
9 (Red Hat Enterprise Linux)
15 SP2-LTSS (Suse Linux Enterprise Server)
16.2 (Red Hat OpenStack Platform)
7.1 (SUSE Enterprise Storage)
- (Red Hat Web Terminal)
- (Node Maintenance Operator)
- (OpenShift Developer Tools and Services)
15 SP3-LTSS (Suse Linux Enterprise Server)
15 SP3-LTSS (SUSE Linux Enterprise High Performance Computing)
5 (Red Hat Ceph Storage)
15 SP5 (SUSE Linux Enterprise Server for SAP Applications)
15 SP5 (Suse Linux Enterprise Server)
15 SP5 (Suse Linux Enterprise Desktop)
1.5 for RHEL 8 (Service Telemetry Framework)
- (Node HealthCheck Operator)
6 (Migration Toolkit for Applications)
- (Migration Toolkit for Virtualization)
4 (Red Hat OpenShift Virtualization)
- (OpenShift Serverless)
15 SP5 (SUSE Linux Enterprise High Performance Computing)
15 SP5 (SUSE Linux Enterprise Module for Development Tools)
4.13 (Red Hat OpenShift Container Platform)
- (Red Hat Developer Tools)
4.12 (Red Hat OpenShift Container Platform)
2 (Cryostat)
17.1 (Red Hat OpenStack Platform)
3 (Red Hat Advanced Cluster Security)
- (Migration Toolkit for Containers)
- (OpenShift Pipelines)
6 (Red Hat Ceph Storage)
9 (SUSE Liberty Linux)
8.8 Extended Update Support (Red Hat Enterprise Linux)
9.2 Extended Update Support (Red Hat Enterprise Linux)
8 (SUSE Liberty Linux)
15 SP4-LTSS (SUSE Linux Enterprise High Performance Computing)
15 SP4-LTSS (Suse Linux Enterprise Server)
4.15 (Red Hat OpenShift Container Platform)
15 SP5 (SUSE Linux Enterprise Module for Containers)
15 SP6 (Suse Linux Enterprise Desktop)
15 SP6 (Suse Linux Enterprise Server)
15 SP6 (SUSE Linux Enterprise Server for SAP Applications)
24.04 LTS (Ubuntu)
15.6 (OpenSUSE Leap)
до 1.21.11 (Go)
от 1.22.0-0 до 1.22.4 (Go)
15 SP6 (SUSE Linux Enterprise Module for Development Tools)
7 (Red Hat Ceph Storage)
7 (Migration Toolkit for Applications)
7 Extended Lifecycle Support (Red Hat Enterprise Linux)
18.0 (Red Hat OpenStack Platform)
4.14 (Red Hat OpenShift Container Platform)
4.16 (Red Hat OpenShift Container Platform)
15 SP6 (SUSE Linux Enterprise Module for Containers)
3 on RHEL 8 (Cryostat)
4.5 (Red Hat Advanced Cluster Security)
4.6 (Red Hat Advanced Cluster Security)
2.4 for RHEL 8 (Red Hat Ansible Automation Platform)
2.4 for RHEL 9 (Red Hat Ansible Automation Platform)
6.15 for RHEL 8 (Red Hat Satellite)
Тип ПО
Операционная система
Прикладное ПО информационных систем
Сетевое средство
ПО программно-аппаратного средства
ПО виртуализации/ПО виртуального программно-аппаратного средства
Сетевое программное средство
Операционные системы и аппаратные платформы
Canonical Ltd. Ubuntu 16.04 LTS
Canonical Ltd. Ubuntu 18.04 LTS
Novell Inc. OpenSUSE Leap 15.5
Red Hat Inc. Red Hat Enterprise Linux 8
Novell Inc. Suse Linux Enterprise Server 12 SP5
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP5
Novell Inc. openSUSE Tumbleweed -
Canonical Ltd. Ubuntu 20.04 LTS
Сообщество свободного программного обеспечения Debian GNU/Linux 11
Сообщество свободного программного обеспечения Debian GNU/Linux 12
ООО «Ред Софт» РЕД ОС 7.3
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP3
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP2
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP4
Canonical Ltd. Ubuntu 22.04 LTS
Red Hat Inc. Red Hat Enterprise Linux 9
Novell Inc. Suse Linux Enterprise Server 15 SP2-LTSS
Novell Inc. Suse Linux Enterprise Server 15 SP3-LTSS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP5
Novell Inc. Suse Linux Enterprise Server 15 SP5
Novell Inc. Suse Linux Enterprise Desktop 15 SP5
Novell Inc. SUSE Liberty Linux 9
Red Hat Inc. Red Hat Enterprise Linux 8.8 Extended Update Support
Red Hat Inc. Red Hat Enterprise Linux 9.2 Extended Update Support
Novell Inc. SUSE Liberty Linux 8
Novell Inc. Suse Linux Enterprise Server 15 SP4-LTSS
Novell Inc. Suse Linux Enterprise Desktop 15 SP6
Novell Inc. Suse Linux Enterprise Server 15 SP6
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP6
Canonical Ltd. Ubuntu 24.04 LTS
Novell Inc. OpenSUSE Leap 15.6
Red Hat Inc. Red Hat Enterprise Linux 7 Extended Lifecycle Support
Уровень опасности уязвимости
Средний уровень опасности (базовая оценка CVSS 2.0 составляет 5,2)
Средний уровень опасности (базовая оценка CVSS 3.0 составляет 6,2)
Возможные меры по устранению уязвимости
В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года.
Использование рекомендаций:
Для Go:
https://go.dev/cl/590316
https://go.dev/issue/67680
https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ
https://pkg.go.dev/vuln/GO-2024-2887
Для РедОС:
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2024-24790
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2024-24790
Для Ubuntu:
https://ubuntu.com/security/CVE-2024-24790
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2024-24790.html
Статус уязвимости
Подтверждена производителем
Наличие эксплойта
Данные уточняются
Информация об устранении
Уязвимость устранена
Ссылки на источники
Идентификаторы других систем описаний уязвимостей
- CVE
EPSS
Процентиль: 39%
0.00171
Низкий
6.2 Medium
CVSS3
5.2 Medium
CVSS2
Связанные уязвимости
CVSS3: 9.8
ubuntu
около 1 года назад
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
CVSS3: 6.7
redhat
около 1 года назад
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
CVSS3: 9.8
nvd
около 1 года назад
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
EPSS
Процентиль: 39%
0.00171
Низкий
6.2 Medium
CVSS3
5.2 Medium
CVSS2