CVE-2024-24790

Public on 2024-06-05
Modified on 2024-08-27
Description
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
Severity
Medium severity
Medium
CVSS v3 Base Score
6.2
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Docker Extra amazon-ecr-credential-helper Pending Fix
Amazon Linux 2 - Ecs Extra amazon-ecr-credential-helper Pending Fix
Amazon Linux 2023 amazon-ecr-credential-helper Pending Fix
Amazon Linux 2 - Core amazon-ssm-agent Pending Fix
Amazon Linux 2023 amazon-ssm-agent Pending Fix
Amazon Linux 2 - Core cni-plugins Pending Fix
Amazon Linux 2023 cni-plugins Pending Fix
Amazon Linux 2 - Docker Extra containerd Pending Fix
Amazon Linux 2023 containerd Pending Fix
Amazon Linux 2 - Core cri-tools Pending Fix
Amazon Linux 1 docker No Fix Planned
Amazon Linux 2 - Docker Extra docker Pending Fix
Amazon Linux 2 - Ecs Extra docker Pending Fix
Amazon Linux 2023 docker Pending Fix
Amazon Linux 2 - Ecs Extra ecs-init Pending Fix
Amazon Linux 2023 ecs-init Not Affected
Amazon Linux 1 golang No Fix Planned
Amazon Linux 2 - Core golang 2024-06-19 ALAS2-2024-2576 Fixed
Amazon Linux 2023 golang 2024-06-19 ALAS2023-2024-646 Fixed
Amazon Linux 2 - Core nerdctl Pending Fix
Amazon Linux 2023 nerdctl Not Affected
Amazon Linux 2 - Docker Extra runc Pending Fix
Amazon Linux 2023 runc Pending Fix

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 6.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
NVD CVSSv3 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H