Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2021-29923  

Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR.

Source
Severity Medium

Remote Yes

Type Access restriction bypass

Description 

Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR.

AVG-1357 go 2:1.16.7-1 Medium Vulnerable 

https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-016.md
https://github.com/golang/go/issues/30999
https://github.com/golang/go/issues/43389
https://go-review.googlesource.com/c/go/+/325829
https://github.com/golang/go/commit/d3e3d03666bbd8784007bbb78a75864aac786967

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started