VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-pz2t-umsf-aaan

Essentials
Severities (119)
References (43)
Severity details (10)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-pz2t-umsf-aaan
Aliases	CVE-2021-29923
Summary	Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-20

Improper Input Validation

System	Score	Found at
rhas	Moderate	https://access.redhat.com/errata/RHSA-2021:3431
rhas	Moderate	https://access.redhat.com/errata/RHSA-2021:3585
rhas	Moderate	https://access.redhat.com/errata/RHSA-2021:4722
rhas	Moderate	https://access.redhat.com/errata/RHSA-2021:4725
rhas	Moderate	https://access.redhat.com/errata/RHSA-2021:4902
rhas	Moderate	https://access.redhat.com/errata/RHSA-2021:4910
rhas	Moderate	https://access.redhat.com/errata/RHSA-2021:4914
rhas	Important	https://access.redhat.com/errata/RHSA-2022:0237
rhas	Important	https://access.redhat.com/errata/RHSA-2022:0260
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:0318
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:0431
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:0432
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:0434
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:0557
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:0561
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:0577
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:0947
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:0988
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:0989
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:0997
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:0998
rhas	Important	https://access.redhat.com/errata/RHSA-2022:1276
rhas	Important	https://access.redhat.com/errata/RHSA-2022:1372
cvssv3	7.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29923.json
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00173	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00173	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00173	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00173	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
epss	0.00324	https://api.first.org/data/v1/epss?cve=CVE-2021-29923
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=1992006
cvssv3.1	7.4	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2	5.0	https://nvd.nist.gov/vuln/detail/CVE-2021-29923
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2021-29923
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2021-29923
archlinux	Medium	https://security.archlinux.org/AVG-1357
cvssv3.1	5.3	https://security.gentoo.org/glsa/202208-02
generic_textual	MODERATE	https://security.gentoo.org/glsa/202208-02
cvssv3.1	6.6	https://www.oracle.com/security-alerts/cpujan2022.html
generic_textual	MODERATE	https://www.oracle.com/security-alerts/cpujan2022.html

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29923.json
		https://api.first.org/data/v1/epss?cve=CVE-2021-29923
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29923
		https://defcon.org/html/defcon-29/dc-29-speakers.html#kaoudis
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/golang/go/issues/30999
		https://github.com/golang/go/issues/43389
		https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-016.md
		https://golang.org/pkg/net/#ParseCIDR
		https://go-review.googlesource.com/c/go/+/325829/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM/
		https://security.gentoo.org/glsa/202208-02
		https://www.oracle.com/security-alerts/cpujan2022.html
1992006		https://bugzilla.redhat.com/show_bug.cgi?id=1992006
AVG-1357		https://security.archlinux.org/AVG-1357
cpe:2.3:a:golang:go::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go::::::::
cpe:2.3:a:oracle:timesten_in-memory_database::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:timesten_in-memory_database::::::::
cpe:2.3:o:fedoraproject:fedora:36:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:::::::*
CVE-2021-29923		https://nvd.nist.gov/vuln/detail/CVE-2021-29923
RHSA-2021:3431		https://access.redhat.com/errata/RHSA-2021:3431
RHSA-2021:3585		https://access.redhat.com/errata/RHSA-2021:3585
RHSA-2021:4722		https://access.redhat.com/errata/RHSA-2021:4722
RHSA-2021:4725		https://access.redhat.com/errata/RHSA-2021:4725
RHSA-2021:4902		https://access.redhat.com/errata/RHSA-2021:4902
RHSA-2021:4910		https://access.redhat.com/errata/RHSA-2021:4910
RHSA-2021:4914		https://access.redhat.com/errata/RHSA-2021:4914
RHSA-2022:0237		https://access.redhat.com/errata/RHSA-2022:0237
RHSA-2022:0260		https://access.redhat.com/errata/RHSA-2022:0260
RHSA-2022:0318		https://access.redhat.com/errata/RHSA-2022:0318
RHSA-2022:0431		https://access.redhat.com/errata/RHSA-2022:0431
RHSA-2022:0432		https://access.redhat.com/errata/RHSA-2022:0432
RHSA-2022:0434		https://access.redhat.com/errata/RHSA-2022:0434
RHSA-2022:0557		https://access.redhat.com/errata/RHSA-2022:0557
RHSA-2022:0561		https://access.redhat.com/errata/RHSA-2022:0561
RHSA-2022:0577		https://access.redhat.com/errata/RHSA-2022:0577
RHSA-2022:0947		https://access.redhat.com/errata/RHSA-2022:0947
RHSA-2022:0988		https://access.redhat.com/errata/RHSA-2022:0988
RHSA-2022:0989		https://access.redhat.com/errata/RHSA-2022:0989
RHSA-2022:0997		https://access.redhat.com/errata/RHSA-2022:0997
RHSA-2022:0998		https://access.redhat.com/errata/RHSA-2022:0998
RHSA-2022:1276		https://access.redhat.com/errata/RHSA-2022:1276
RHSA-2022:1372		https://access.redhat.com/errata/RHSA-2022:1372

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29923.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-29923

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-29923

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-29923

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://security.gentoo.org/glsa/202208-02

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpujan2022.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.20236
EPSS Score	0.00077
Published At	April 7, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.