CVE-2024-24790

Summary

The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.

Affected Software

VendorProductVersion RangeStatus
Go standard librarynet/netip0 < 1.21.11affected
Go standard librarynet/netip1.22.0-0 < 1.22.4affected

Weaknesses

  • CWE-180: Incorrect Behavior Order: Validate Before Canonicalize

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References