CVE-2024-24790
CRITICALDescription
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
Is your site exposed to CVE-2024-24790?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Affected Products
| Vendor | Product |
|---|---|
| golang | go |
| golang | go |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2024-24790? +
How severe is CVE-2024-24790? +
What products are affected by CVE-2024-24790? +
How do I check if I'm vulnerable to CVE-2024-24790? +
Related Vulnerabilities
Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other …
When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination …
Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' …
The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would …
When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the …
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration …