CVE-2024-24790 - Denial of Service (DoS)
Severity: None
2025-03-11
Abstract
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
The Oxygen products incorporate gosu as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.
Affected Products/Versions
Product | Severity | Fixed Release Availability |
Oxygen XML Web Author v7.0 and older | None | Oxygen Content Fusion 7.1 build 2024100818 |
Detail
CVE-2024-24790
Severity: Critical
CVSS Score: 9.8
The gosu third-party library used by Oxygen XML products is an affected version mentioned in the CVE-2024-24790 vulnerability description. However, Oxygen Content Fusion does not use IPv4-mapped IPv6 addresses. For that reason, Oxygen products are not affected by this vulnerability.
Starting with Oxygen Content Fusion v7.1 build 2024100818, the gosu library was removed.
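The Is methods described in the abstract belong to Go's net/netip package. The following is an added example, not code from Oxygen, gosu or this advisory: it shows an address check that calls Unmap before classifying, so an IPv4-mapped IPv6 address gets the same answer as its IPv4 form regardless of the runtime's behavior. The function names isInternal, checkHost and runtimeClassifiesMapped are hypothetical, and the sample addresses are constructed.

```go
package main

import (
	"fmt"
	"net/netip"
)

// isInternal reports whether addr must be treated as non-public.
// Unmap converts ::ffff:a.b.c.d to a.b.c.d first, so the result does not
// depend on how the runtime's Is* methods treat IPv4-mapped input.
func isInternal(addr netip.Addr) bool {
	a := addr.Unmap()
	return a.IsLoopback() || a.IsPrivate() || a.IsLinkLocalUnicast() ||
		a.IsUnspecified() || a.IsMulticast()
}

// checkHost parses a textual address and applies isInternal.
// A parse failure is returned as an error so callers can fail closed.
func checkHost(s string) (bool, error) {
	addr, err := netip.ParseAddr(s)
	if err != nil {
		return false, fmt.Errorf("parse %q: %w", s, err)
	}
	return isInternal(addr), nil
}

// runtimeClassifiesMapped reports whether the Is* methods of the Go runtime
// in use recognise an IPv4-mapped loopback address without a prior Unmap.
func runtimeClassifiesMapped() bool {
	return netip.MustParseAddr("::ffff:127.0.0.1").IsLoopback()
}

func main() {
	fmt.Println("runtime classifies mapped addresses:", runtimeClassifiesMapped())
	// Constructed sample inputs: plain IPv4, IPv4-mapped IPv6, native IPv6.
	samples := []string{
		"127.0.0.1", "::ffff:127.0.0.1", "::ffff:10.0.0.1",
		"::ffff:169.254.169.254", "::ffff:8.8.8.8", "2001:db8::1",
	}
	for _, s := range samples {
		internal, err := checkHost(s)
		fmt.Printf("%-24s internal=%v err=%v\n", s, internal, err)
	}
}
```

If runtimeClassifiesMapped prints false, the binary was built with a Go runtime that still has the behavior described in the abstract.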