AZL-79056

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-79056.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-79056

Upstream

CVE-2021-29923

Published

2021-08-07T17:15:07Z

Modified

2026-04-01T05:23:22.445204Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

CVE-2021-29923 affecting package golang 1.25.7-1

Details

Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-29923

Affected packages

Azure Linux:3 / golang

Package

Name: golang
Purl: pkg:rpm/azure-linux/golang

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.25.7-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-79056.json"