BIT-golang-2021-29923

Import Source
https://github.com/bitnami/vulndb/tree/main/data/golang/BIT-golang-2021-29923.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-golang-2021-29923
Aliases
Published
2024-03-06T11:06:07.577Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR.
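
The ambiguity described above, as an added Go example (not code from the Go project or from this advisory): `StrictIPv4` refuses zero-prefixed octets before calling net.ParseIP, and `Readings` shows the decimal and octal values the same string can take. Both helper names and the sample address are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strconv"
	"strings"
)

var ErrLeadingZero = errors.New("IPv4 octet has a leading zero") // e.g. "010"

// StrictIPv4 (hypothetical helper) rejects zero-prefixed octets before net.ParseIP.
func StrictIPv4(s string) (net.IP, error) {
	parts := strings.Split(s, ".")
	if len(parts) != 4 {
		return nil, errors.New("not a dotted-quad IPv4 address")
	}
	for _, p := range parts {
		if len(p) > 1 && p[0] == '0' {
			return nil, ErrLeadingZero
		}
	}
	if ip := net.ParseIP(s).To4(); ip != nil {
		return ip, nil
	}
	return nil, errors.New("invalid IPv4 address")
}

// Readings (hypothetical helper) gives the decimal and the octal (inet_aton-style) reading of s.
func Readings(s string) (dec, oct string, err error) {
	var d, o []string
	for _, p := range strings.Split(s, ".") {
		base := 10
		if len(p) > 1 && p[0] == '0' {
			base = 8
		}
		dv, e1 := strconv.ParseUint(p, 10, 8)
		ov, e2 := strconv.ParseUint(p, base, 8)
		if e1 != nil || e2 != nil {
			return "", "", errors.New("octet invalid in one reading")
		}
		d, o = append(d, fmt.Sprint(dv)), append(o, fmt.Sprint(ov))
	}
	return strings.Join(d, "."), strings.Join(o, "."), nil
}

func main() {
	fmt.Println(Readings("010.0.0.1")) // constructed sample input
}
```

An allow-list or deny-list check and the component that later connects to the address must agree on one reading; rejecting the ambiguous form at the boundary removes the disagreement.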

Database specific
{
    "cpes": [
        "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}
References

Affected packages

Bitnami / golang

Package

Name
golang
Purl
pkg:bitnami/golang

Severity

  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.17.0