CVE-2024-24790

Name
CVE-2024-24790
Description
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
https://go.dev/cl/590316
https://go.dev/issue/67680
https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ
https://pkg.go.dev/vuln/GO-2024-2887
http://www.openwall.com/lists/oss-security/2024/06/04/1

Match rules

CPE URI Source package Min version Max version
net/netip >= 0 < 1.21.11
net/netip >= 1.22.0-0 < 1.22.4

Vulnerable and fixed packages

Source package Branch Version Maintainer Status