GHSA-p782-xgp4-8hr8

Опубликовано: 24 июн. 2022

Источник: github

Github: Прошло ревью

CVSS3: 5.3

Описание

golang.org/x/sys/unix has Incorrect privilege reporting in syscall

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Reporting in syscall. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.

Specific Go Packages Affected

golang.org/x/sys/unix

Ссылки

Пакеты

Наименование

golang.org/x/sys

Затронутые версииВерсия исправления

< 0.0.0-20220412211240-33da011f77ad

0.0.0-20220412211240-33da011f77ad

EPSS

Процентиль: 36%

0.00149

Низкий

5.3 Medium

CVSS3

CVE ID

CVE-2022-29526

Дефекты

CWE-269

Связанные уязвимости

CVE-2022-29526

CVSS3: 5.3

ubuntu

почти 3 года назад

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.

CVE-2022-29526

CVSS3: 6.2

redhat

около 3 лет назад

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.

CVE-2022-29526

CVSS3: 5.3

nvd

почти 3 года назад

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.

CVE-2022-29526

CVSS3: 5.3

msrc

5 месяцев назад

Описание отсутствует

CVE-2022-29526

CVSS3: 5.3

debian

почти 3 года назад

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Ass ...

EPSS

Процентиль: 36%

0.00149

Низкий

5.3 Medium

CVSS3

CVE ID

CVE-2022-29526

Дефекты

CWE-269