vulnerability
Amazon Linux 2023: CVE-2024-24790: Medium priority package update for golang (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:M/Au:N/C:C/I:C/A:N) | Jun 4, 2024 | Feb 17, 2025 | Jul 4, 2025 |
Severity
6
CVSS
(AV:L/AC:M/Au:N/C:C/I:C/A:N)
Published
Jun 4, 2024
Added
Feb 17, 2025
Modified
Jul 4, 2025
Description
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.
A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.
Solutions
amazon-linux-2023-upgrade-amazon-ecr-credential-helperamazon-linux-2023-upgrade-amazon-ssm-agentamazon-linux-2023-upgrade-containerdamazon-linux-2023-upgrade-containerd-debuginfoamazon-linux-2023-upgrade-containerd-debugsourceamazon-linux-2023-upgrade-containerd-stressamazon-linux-2023-upgrade-containerd-stress-debuginfoamazon-linux-2023-upgrade-dockeramazon-linux-2023-upgrade-docker-debuginfoamazon-linux-2023-upgrade-docker-debugsourceamazon-linux-2023-upgrade-golangamazon-linux-2023-upgrade-golang-binamazon-linux-2023-upgrade-golang-docsamazon-linux-2023-upgrade-golang-miscamazon-linux-2023-upgrade-golang-sharedamazon-linux-2023-upgrade-golang-srcamazon-linux-2023-upgrade-golang-testsamazon-linux-2023-upgrade-runcamazon-linux-2023-upgrade-runc-debuginfoamazon-linux-2023-upgrade-runc-debugsource
References
- CVE-2024-24790
- https://attackerkb.com/topics/CVE-2024-24790
- URL-https://alas.aws.amazon.com/AL2023/ALAS-2024-646.html
- URL-https://alas.aws.amazon.com/AL2023/ALAS-2024-697.html
- URL-https://alas.aws.amazon.com/AL2023/ALAS-2024-710.html
- URL-https://alas.aws.amazon.com/AL2023/ALAS-2024-711.html
- URL-https://alas.aws.amazon.com/AL2023/ALAS-2024-734.html
- URL-https://alas.aws.amazon.com/AL2023/ALAS-2024-735.html
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.