Traefik has unexpected behavior with IPv4-mapped IPv6 addresses | SynScan

Vulnerability Database

289,599

Total vulnerabilities in the database

Traefik has unexpected behavior with IPv4-mapped IPv6 addresses

Impact

There is a vulnerability in Go managing various Is methods (IsPrivate, IsLoopback, etc) for IPv4-mapped IPv6 addresses.

They didn't work as expected returning false for addresses which would return true in their traditional IPv4 forms.

References

CVE-2024-24790

Patches

https://github.com/traefik/traefik/releases/tag/v2.11.4
https://github.com/traefik/traefik/releases/tag/v3.0.2

Workarounds

No workaround.

For more information

If you have any questions or comments about this advisory, please open an issue.

Published: Jun 11, 2024
Updated: Jun 27, 2024
GHSA: GHSA-7jmw-8259-q9jx
Severity: Medium
Exploit:

No technical information available.

CWEs:

CWE-180

Affected Software
References

Software	From	Fixed in
github.com/traefik/traefik/v3	3.0.0-beta3	3.0.2
github.com/traefik/traefik/v2	-	2.11.4
github.com/traefik/traefik	-	2.11.4