virus logo FortiClient Vulnerability

Golang net.ParseIP Access Control Bypass Vulnerability

description-logoDescription

Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR.

affected-products-logoAffected Applications

Go Programming Language

CVE References

CVE-2021-29923

Other References

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29923
ID 4149
Created Feb 02, 2022
Description
Updated		 Aug 01, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Windows
Vendor Golang
Patch manual
Application Go Programming Language