CVE-2024-24790

Aliases:GO-2024-2887BIT-golang-2024-24790CGA-2fq6-p83q-pm8xGHSA-49gw-vxvf-fc2g

Advisory lineage Upstream: 0 Downstream: 40

Downstream

DEBIAN-CVE-2024-24790 MGASA-2024-0217 OPENSUSE-SU-2024:14020-1 OPENSUSE-SU-2024:14023-1 OPENSUSE-SU-2024:14077-1 OPENSUSE-SU-2024:14185-1

Modified

Published: 05 Jun 2024, 15:13

Last modified:13 Feb 2025, 17:40

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

9.8 CRITICAL

v3.1 (cve.org)

EPSS Score

0.17% LOW

0% probability +0.09%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

05 Jun 2024, 15:13

Published

Vulnerability first disclosed

13 Feb 2025, 17:40

Last Modified

Vulnerability information updated

Description

The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.

CVSS Metrics

v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.17%• Percentile: 38%

Affected Systems

chainguard•gpu-feature-discovery
< 0.8.2-r1
go standard library•net/netip
< 1.21.11 | ≥ 1.22.0-0, < 1.22.4
golang•go
< 1.21.11 | ≥ 1.22.0, < 1.22.4
Go•stdlib
≥ 1.22.0-0, < 1.22.4