vulnerability

Oracle Linux: CVE-2024-24790: ELSA-2024-4212: golang security update (MODERATE) (Multiple Advisories)

Severity
6
CVSS
(AV:L/AC:H/Au:N/C:C/I:C/A:N)
Published
06/04/2024
Added
07/03/2024
Modified
02/25/2025

Description

The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.

Solution(s)

oracle-linux-upgrade-delveoracle-linux-upgrade-golangoracle-linux-upgrade-golang-binoracle-linux-upgrade-golang-docsoracle-linux-upgrade-golang-miscoracle-linux-upgrade-golang-srcoracle-linux-upgrade-golang-testsoracle-linux-upgrade-go-toolsetoracle-linux-upgrade-grafanaoracle-linux-upgrade-grafana-selinuxoracle-linux-upgrade-terraform-provider-oci-fips
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.