CVE-2024-24790
CVE Details
Visit the official vulnerability details page for CVE-2024-24790 to learn more.
Initial Publication
10/25/2024
Last Update
12/16/2024
Third Party Dependency
go
NIST CVE Summary
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
CVE Severity
Our Official Summary
This vulnerability is reported on some of the third party components. CVE flaw analysis reported by golang, states this function returns wrong information in some instances, and really doesnt compromise availability or confidentiality.
This risk of exploitation for our products is very low. It requires attackers to execute code in the local context and requires privileged access. We will upgrade the images when the fixes are available from the upstream vendors.
Status
Ongoing
Affected Products & Versions
| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
|---|---|---|---|---|
| 4.5.15 | ✅ No Impact | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
| 4.5.11 | ✅ No Impact | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
| 4.5.10 | ✅ No Impact | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
| 4.5.8 | ✅ No Impact | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
| 4.5.5 | ✅ No Impact | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
| 4.5.4 | ✅ No Impact | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
| 4.4.20 | ✅ No Impact | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
Revision History
| Date | Revision |
|---|---|
| 12/16/2024 | Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11, 4.5.15 |
| 12/11/2024 | Official summary revised: This vulnerability is reported on some of the third party components. CVE flaw analysis reported by golang, states this function returns wrong information in some instances, and really doesnt compromise availability or confidentiality.This risk of exploitation for our products is very low. It requires attackers to execute code in the local context and requires privileged access. We will upgrade the images when the fixes are available from the upstream vendors. |
| 11/30/2024 | Advisory is now impacting. |
| 11/15/2024 | Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11 |
| 11/15/2024 | Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10 |
| 11/13/2024 | Impacted versions changed from 4.5.4, 4.5.5, 4.5.8 to 4.5.4, 4.5.5, 4.5.8, 4.4.20 |
| 11/10/2024 | Impacted versions changed from 4.5.4, 4.5.5 to 4.5.4, 4.5.5, 4.5.8 |
| 10/27/2024 | Impacted versions changed from 4.5.4 to 4.5.4, 4.5.5 |