github.com/google/osv-scalibr@v0.4.1/detector/govulncheck/binary/testdata/vulndb/ID/GO-2024-2887.json (about) 1 { 2 "schema_version": "1.3.1", 3 "id": "GO-2024-2887", 4 "modified": "0001-01-01T00:00:00Z", 5 "published": "0001-01-01T00:00:00Z", 6 "aliases": [ 7 "CVE-2024-24790" 8 ], 9 "summary": "Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip", 10 "details": "The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.", 11 "affected": [ 12 { 13 "package": { 14 "name": "stdlib", 15 "ecosystem": "Go" 16 }, 17 "ranges": [ 18 { 19 "type": "SEMVER", 20 "events": [ 21 { 22 "introduced": "0" 23 }, 24 { 25 "fixed": "1.21.11" 26 }, 27 { 28 "introduced": "1.22.0-0" 29 }, 30 { 31 "fixed": "1.22.4" 32 } 33 ] 34 } 35 ], 36 "ecosystem_specific": { 37 "imports": [ 38 { 39 "path": "net/netip", 40 "symbols": [ 41 "Addr.IsGlobalUnicast", 42 "Addr.IsInterfaceLocalMulticast", 43 "Addr.IsLinkLocalMulticast", 44 "Addr.IsLoopback", 45 "Addr.IsMulticast", 46 "Addr.IsPrivate" 47 ] 48 } 49 ] 50 } 51 } 52 ], 53 "references": [ 54 { 55 "type": "FIX", 56 "url": "https://go.dev/cl/590316" 57 }, 58 { 59 "type": "REPORT", 60 "url": "https://go.dev/issue/67680" 61 }, 62 { 63 "type": "WEB", 64 "url": "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ" 65 } 66 ], 67 "credits": [ 68 { 69 "name": "Enze Wang of Alioth (@zer0yu)" 70 }, 71 { 72 "name": "Jianjun Chen of Zhongguancun Lab (@chenjj)" 73 } 74 ], 75 "database_specific": { 76 "url": "https://pkg.go.dev/vuln/GO-2024-2887", 77 "review_status": "REVIEWED" 78 } 79 }