CVE-2023-45284

Published: 09 Nov 2023
Source: debian
EPSS: Low

Description

On Windows, the IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With the fix, IsLocal now correctly reports these names as non-local.

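Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| golang-1.21 | fixed | 1.21.4-1 | | package |
| golang-1.20 | fixed | 1.20.11-1 | | package |
| golang-1.19 | removed | | | package |
| golang-1.15 | removed | | | package |
| golang-1.11 | removed | | | package |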

Notes

  • https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY

  • https://github.com/golang/go/issues/63713

  • https://github.com/golang/go/commit/9e933c189ca3a84f12995b3c799364a06abc4376 (go1.21.4)

  • https://github.com/golang/go/commit/46fb78168596f7ce8834f528bb0eb9555c08bcae (go1.20.11)

  • No security impact for Debian packages, only affects code running on Windows

EPSS

Percentile: 12%
0.0004
Low

Related vulnerabilities

CVSS3: 5.3
ubuntu
about 2 years ago

On Windows, the IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With the fix, IsLocal now correctly reports these names as non-local.

CVSS3: 5.3
nvd
about 2 years ago

On Windows, the IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With the fix, IsLocal now correctly reports these names as non-local.

CVSS3: 5.3
msrc
about 2 months ago

Incorrect detection of reserved device names on Windows in path/filepath

CVSS3: 5.3
github
about 2 years ago

On Windows, the IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With the fix, IsLocal now correctly reports these names as non-local.

CVSS3: 5.3
fstec
about 2 years ago

A vulnerability in the Go programming language related to insufficient input validation, allowing an attacker to bypass existing security restrictions
