PT-2024-4045 · Net-Ip+12 · Net-Ip+12

Enze Wang

Published

2024-06-04

Updated

2026-05-27

CVE-2024-24790

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions net-ip version (affected versions not specified) Traefik version (affected versions not specified)

Description The issue is related to the incorrect functioning of the Is methods (such as IsPrivate, IsLoopback, etc.) in the net-ip component of the Golang programming language. This incorrect functioning occurs when handling IPv4-mapped IPv6 addresses, where these methods return false for addresses that would return true in their traditional IPv4 forms. This could allow an attacker to bypass existing access restriction policies.

Recommendations For net-ip, consider temporarily disabling or restricting the use of the Is methods until a patch is available. For Traefik, restrict access to the affected module to minimize the risk of exploitation. Avoid using IPv4-mapped IPv6 addresses in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-180CWE-284

Related Identifiers

ALSA-2024:4212

ALSA-2024:4237

ALSA-2024:5291

ALSA-2024:9115

ALSA-2025:7256

ALT-PU-2024-11781

ALT-PU-2024-11872

ALT-PU-2024-12875

ALT-PU-2024-13971

ALT-PU-2024-14328

ALT-PU-2024-16593

ALT-PU-2024-16754

ALT-PU-2024-8797

ALT-PU-2024-8801

ALT-PU-2024-9856

AZL-42386

AZL-42395

AZL-42403

AZL-42409

AZL-79050

BDU:2024-04486

BIT-GOLANG-2024-24790

CESA-2024_4237

CESA-2024_5291

CESA-2024_8876

CVE-2024-24790

GHSA-49GW-VXVF-FC2G

GHSA-7JMW-8259-Q9JX

GO-2024-2887

GO-2024-2917

INFSA-2024_4212

INFSA-2024_4237

INFSA-2024_5291

INFSA-2024_9115

INFSA-2025_7256

MGASA-2024-0217

OESA-2024-1770

OPENSUSE-SU-2024:14020-1

OPENSUSE-SU-2024:14023-1

OPENSUSE-SU-2024:14077-1

OPENSUSE-SU-2024:14185-1

OPENSUSE-SU-2024:14554-1

OPENSUSE-SU-2024_1970-1

OPENSUSE-SU-2024_3089-1

OPENSUSE-SU-2024_3755-1

OPENSUSE-SU-2025:14723-1

OPENSUSE-SU-2025_0302-1

RHSA-2024:4212

RHSA-2024:4237

RHSA-2024:4893

RHSA-2024:5075

RHSA-2024:5077

RHSA-2024:5202

RHSA-2024:5291

RHSA-2024:5436

RHSA-2024:5442

RHSA-2024:5446

RHSA-2024:6765

RHSA-2024:7987

RHSA-2024:8418

RHSA-2024:8876

RHSA-2024:9115

RHSA-2024_4212

RHSA-2024_4237

RHSA-2024_5291

RHSA-2024_8876

RHSA-2024_9115

RHSA-2025:4664

RHSA-2025:7256

RHSA-2025_7256

RLSA-2024:4212

RLSA-2024:8876

SUSE-SU-2024:1935-1

SUSE-SU-2024:1936-1

SUSE-SU-2024:1969-1

SUSE-SU-2024:1970-1

SUSE-SU-2024:3089-1

SUSE-SU-2024:3360-1

SUSE-SU-2024:3755-1

SUSE-SU-2024:3772-1

SUSE-SU-2024:3938-1

SUSE-SU-2025:0302-1

SUSE-SU-2025:0377-1

SUSE-SU-2025_0302-1

SUSE-SU-2025_0377-1

USN-6886-1

USN-7109-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Debian

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Traefik

Ubuntu

Net-Ip

PT-2024-4045 · Net-Ip+12 · Net-Ip+12

CVE-2024-24790

Weakness Enumeration

Related Identifiers

Affected Products

References · 197