Bugzilla – Bug 1225974
VUL-0: CVE-2024-24790: go1.21,go1.22: net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
Last modified: 2024-07-03 04:50:09 UTC
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. Thanks to Enze Wang of Alioth (@zer0yu) and Jianjun Chen of Zhongguancun Lab (@chenjj) for reporting this issue. This is CVE-2024-24790 and Go issue https://go.dev/issue/67680.
This is an autogenerated message for OBS integration: This bug (1225974) was mentioned in https://build.opensuse.org/request/show/1178640 Factory / go1.21 https://build.opensuse.org/request/show/1178641 Factory / go1.22
SUSE-SU-2024:1936-1: An update that solves two vulnerabilities and has one security fix can now be installed. Category: security (moderate) Bug References: 1212475, 1225973, 1225974 CVE References: CVE-2024-24789, CVE-2024-24790 Maintenance Incident: [SUSE:Maintenance:34163](https://smelt.suse.de/incident/34163/) Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): go1.21-1.21.11-1.36.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1935-1: An update that solves two vulnerabilities and has one security fix can now be installed. Category: security (moderate) Bug References: 1218424, 1225973, 1225974 CVE References: CVE-2024-24789, CVE-2024-24790 Maintenance Incident: [SUSE:Maintenance:34165](https://smelt.suse.de/incident/34165/) Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): go1.22-1.22.4-1.12.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1970-1: An update that solves two vulnerabilities and has one security fix can now be installed. Category: security (moderate) Bug References: 1218424, 1225973, 1225974 CVE References: CVE-2024-24789, CVE-2024-24790 Maintenance Incident: [SUSE:Maintenance:34166](https://smelt.suse.de/incident/34166/) Sources used: openSUSE Leap 15.5 (src): go1.22-1.22.4-150000.1.18.1 openSUSE Leap 15.6 (src): go1.22-1.22.4-150000.1.18.1 Development Tools Module 15-SP5 (src): go1.22-1.22.4-150000.1.18.1 Development Tools Module 15-SP6 (src): go1.22-1.22.4-150000.1.18.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1969-1: An update that solves two vulnerabilities and has one security fix can now be installed. Category: security (moderate) Bug References: 1212475, 1225973, 1225974 CVE References: CVE-2024-24789, CVE-2024-24790 Maintenance Incident: [SUSE:Maintenance:34164](https://smelt.suse.de/incident/34164/) Sources used: Development Tools Module 15-SP5 (src): go1.21-1.21.11-150000.1.36.1 Development Tools Module 15-SP6 (src): go1.21-1.21.11-150000.1.36.1 openSUSE Leap 15.5 (src): go1.21-1.21.11-150000.1.36.1 openSUSE Leap 15.6 (src): go1.21-1.21.11-150000.1.36.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.