cvelistv5 - cve-2021-29923

CVE-2021-29923 (GCVE-0-2021-29923)

Vulnerability from cvelistv5 – Published: 2021-08-07 16:38 – Updated: 2024-08-03 22:18

Summary

Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://golang.org/pkg/net/#ParseCIDR	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://defcon.org/html/defcon-29/dc-29-speakers.…	x_refsource_MISC
	https://github.com/golang/go/issues/43389	x_refsource_MISC
	https://github.com/golang/go/issues/30999	x_refsource_MISC
	https://go-review.googlesource.com/c/go/+/325829/	x_refsource_MISC
	https://github.com/sickcodes/security/blob/master…	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://security.gentoo.org/glsa/202208-02	vendor-advisoryx_refsource_GENTOO

Show details on NVD website

Vendor	Product	Description
IBM	Sterling Connect:Direct	Services Web IBM Sterling Connect:Direct versions 6.2.x antérieures à 6.2.0.20
IBM	Sterling Connect:Direct	Interface utilisateur IBM Sterling Connect:Direct versions 1.x antérieures à 1.5.0.2 iFix-39
IBM	QRadar	Agent QRadar WinCollect (Standalone) versions antérieures à 10.1.8
IBM	Sterling Connect:Direct	Services Web IBM Sterling Connect:Direct versions 6.0.x à 6.1.x antérieures à 6.1.0.22
IBM	QRadar	Suite QRadar versions 1.10.x antérieures à 1.10.17.0
IBM	Sterling	IBM Sterling B2B Integrator versions 6.0.x antérieures à 6.0.3.9
IBM	Sterling	IBM Sterling B2B Integrator versions 6.1.0.x à 6.1.2.x antérieures à 6.1.2.3
IBM	Cloud Pak	Cloud Pak for Security versions 1.10.x antérieures à 1.10.17.0
IBM	Sterling Connect:Direct	Services Web IBM Sterling Connect:Direct versions 6.3.x antérieures à 6.3.0.5

Vendor	Product	Description
IBM	Spectrum	IBM Spectrum Protect Server versions 8.1.x antérieures à 8.1.13
IBM	Spectrum	IBM Spectrum Protect Client versions 7.1.x antérieures à 7.1.8.12
IBM	Spectrum	IBM Spectrum Protect Client versions 8.1.x antérieures à 8.1.13
IBM	N/A	Rational Developer for i (RDi) RPG and COBOL + Modernization Tools, Java Edition toutes versions
IBM	Spectrum	IBM Spectrum Copy Data Management version 2.2.x antérieures à 2.2.14
IBM	Spectrum	IBM Spectrum Protect Plus versions 10.1.x antérieures à 10.1.9

Vendor	Product	Description
VMware	Tanzu Kubernetes Runtime	GenAI sur Tanzu Platform pour Cloud Foundry versions antérieures à 10.2.5
VMware	Tanzu Kubernetes Runtime	Tanzu Platform pour Cloud Foundry versions antérieures à 6.0.20+LTS-T
VMware	Tanzu Kubernetes Runtime	Stemcells (Ubuntu Noble) versions antérieures à 1.90.x
VMware	Tanzu Kubernetes Runtime	NodeJS Buildpack versions antérieures à 1.8.58
VMware	Tanzu Kubernetes Runtime	Python Buildpack versions antérieures à 1.8.63
VMware	Tanzu Kubernetes Runtime	VMware Tanzu pour MySQL sur Tanzu Platform versions antérieures à 10.1.0
VMware	Tanzu Kubernetes Runtime	API Gateway pour VMware Tanzu Platform versions antérieures à 2.4.0
VMware	Tanzu Kubernetes Runtime	PHP Buildpack versions antérieures à 4.6.49
VMware	Tanzu Kubernetes Runtime	Single Sign-On pour VMware Tanzu Platform versions antérieures à 1.16.14
VMware	Tanzu Kubernetes Runtime	Stemcells (Ubuntu Jammy FIPS) versions antérieures à 1.915.x
VMware	Tanzu Application Service	CredHub Service Broker versions antérieures à 1.6.6
VMware	Tanzu Kubernetes Runtime	Stemcells (Ubuntu Jammy FIPS) versions antérieures à 1.943.x
VMware	Tanzu Kubernetes Runtime	Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions antérieures à 10.2.4+LTS-T
VMware	Tanzu Kubernetes Runtime	Tanzu Platform pour Cloud Foundry Windows versions antérieures à 6.0.20+LTS-T
VMware	Tanzu Kubernetes Runtime	Stemcells (Ubuntu Jammy) versions antérieures à 1.915.x
VMware	Tanzu Kubernetes Runtime	Tanzu Platform pour Cloud Foundry Windows versions antérieures à 10.2.3+LTS-T
VMware	Tanzu Kubernetes Runtime	Single Sign-On pour VMware Tanzu Application Service versions antérieures à 1.16.13
VMware	Tanzu Kubernetes Runtime	Stemcells (Ubuntu Jammy) versions antérieures à 1.943.x
VMware	Tanzu Kubernetes Runtime	Tanzu Platform pour Cloud Foundry isolation segment versions antérieures à 6.0.20+LTS-T
VMware	Tanzu Kubernetes Runtime	Stemcells (Ubuntu Noble) versions antérieures à 1.77.x
VMware	Services Suite	Platform Automation Toolkit versions antérieures à 5.3.2
VMware	Tanzu Kubernetes Runtime	Stemcells (Ubuntu Jammy Azure Light) versions antérieures à 1.906.x
VMware	Tanzu Kubernetes Runtime	Spring Cloud Data Flow pour VMware Tanzu versions antérieures à 1.14.9
VMware	Tanzu Kubernetes Runtime	App Autoscaler CLI Plugin pour VMware Tanzu Platform versions antérieures à 250.5.9
VMware	Tanzu Kubernetes Runtime	Spring Cloud Services pour VMware Tanzu versions antérieures à 3.3.10
VMware	Tanzu Kubernetes Runtime	Tanzu Platform pour Cloud Foundry versions antérieures à 10.2.3+LTS-T
VMware	Tanzu Kubernetes Runtime	Concourse pour VMware Tanzu versions antérieures à 7.14.1+LTS-T
VMware	Tanzu Kubernetes Runtime	Tanzu Platform pour Cloud Foundry isolation segment versions antérieures à 10.2.3+LTS-T
VMware	Tanzu Kubernetes Runtime	Platform Services pour VMware Tanzu Platform versions antérieures à 10.3.0
VMware	Tanzu Kubernetes Runtime	Ruby Buildpack versions antérieures à 1.10.46
VMware	Tanzu Kubernetes Runtime	Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 6.0.21+LTS-T
VMware	Tanzu Kubernetes Runtime	Telemetry pour VMware Tanzu Platform versions antérieures à 2.3.0
VMware	Tanzu Kubernetes Runtime	Stemcells (Ubuntu Noble) versions antérieures à 1.103.x
VMware	Tanzu Kubernetes Runtime	Tanzu Hub versions antérieures à 10.3.0
VMware	Tanzu Kubernetes Runtime	Stemcells (Ubuntu Jammy) versions antérieures à 1.906.x

Vendor	Product	Description
IBM	Db2	IBM Cloud APM, Advanced Private versions 8.1.4 sans le dernier correctif de sécurité Fixpack cumulatif Db2
IBM	QRadar Suite Software	QRadar Suite Software versions 1.10.x.x antérieures à 1.10.18.0
IBM	N/A	IBM Db2 sur Cloud Pak pour Data et Db2 Warehouse sur Cloud Pak for Data versions antérieures à v4.8.2
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP7 IF05
IBM	QRadar	IBM QRadar Use Case Manager App versions antérieures à 3.9.0
IBM	WebSphere	IBM WebSphere Application Server versions 8.5.x.x sans le SDK version 8 Service Refresh 8 FP20
IBM	WebSphere	IBM WebSphere Application Server Liberty sans le SDK version 8 Service Refresh 8 FP20
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct Web Services versions 6.1.x.x antérieures à 6.1.0.23
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct Web Services versions 6.3.x.x antérieures à 6.3.0.6
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct Web Services versions 6.2.x.x antérieures à 6.2.0.22
IBM	Db2	IBM Cloud APM, Base Private versions 8.1.4 sans le dernier correctif de sécurité Fixpack cumulatif Db2
IBM	Cloud Pak	IBM Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.18.0
IBM	Spectrum	IBM Spectrum Scale versions 5.1.x.x antérieures à 5.1.2.15
IBM	WebSphere	IBM WebSphere Application Server versions 9.x sans le SDK version 8 Service Refresh 8 FP20
IBM	QRadar WinCollect Agent	IBM QRadar WinCollect Agent versions 10.0.x antérieures à 10.1.9
IBM	Spectrum	IBM Spectrum Scale versions 5.1.3.x antérieures à 5.1.9.2

Vendor	Product	Description
Splunk	Universal Forwarder	Universal Forwarder versions 9.0.x antérieures à 9.0.6
Splunk	N/A	Splunk ITSI versions 4.15.x antérieures à 4.15.3
Splunk	Universal Forwarder	Universal Forwarder versions 8.2.x antérieures à 8.2.12
Splunk	N/A	Splunk Cloud versions antérieures à 9.0.2305.200
Splunk	Universal Forwarder	Universal Forwarder versions 9.1.x antérieures à 9.1.1
Splunk	Splunk Enterprise	Splunk Enterprise versions 8.2.x antérieures à 8.2.12
Splunk	N/A	Splunk ITSI versions 4.13.x antérieures à 4.13.3
Splunk	Splunk Enterprise	Splunk Enterprise versions 9.1.x antérieures à 9.1.1
Splunk	Splunk Enterprise	Splunk Enterprise versions 9.0.x antérieures à 9.0.6

URL	Tags
cve@mitre.org	https://defcon.org/html/defcon-29/dc-29-speakers.html#kaoudis	Third Party Advisory
cve@mitre.org	https://github.com/golang/go/issues/30999	Exploit, Issue Tracking, Third Party Advisory
cve@mitre.org	https://github.com/golang/go/issues/43389	Issue Tracking, Third Party Advisory
cve@mitre.org	https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-016.md	Exploit, Third Party Advisory
cve@mitre.org	https://go-review.googlesource.com/c/go/+/325829/	Patch, Third Party Advisory
cve@mitre.org	https://golang.org/pkg/net/#ParseCIDR	Vendor Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM/
cve@mitre.org	https://security.gentoo.org/glsa/202208-02	Third Party Advisory
cve@mitre.org	https://www.oracle.com/security-alerts/cpujan2022.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://defcon.org/html/defcon-29/dc-29-speakers.html#kaoudis	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/golang/go/issues/30999	Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/golang/go/issues/43389	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-016.md	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://go-review.googlesource.com/c/go/+/325829/	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://golang.org/pkg/net/#ParseCIDR	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202208-02	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Patch, Third Party Advisory

Vendor	Product	Version
golang	go	*
oracle	timesten_in-memory_database	*
fedoraproject	fedora	36

Action not permitted

CVE-2021-29923 (GCVE-0-2021-29923)

Solution

Solution

Solutions

Solution

Solution

Solution

Solutions

Solution

Solution

Solution

Tags

Sightings

Nomenclature