Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2022-41716

Опубликовано: 03 сент. 2025
Источник: msrc
CVSS3: 6.3
EPSS Низкий

Описание

Unsanitized NUL in environment variables on Windows in syscall and os/exec

EPSS

Процентиль: 3%
0.00018
Низкий

6.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-41716

CVSS3: 7.5
ubuntu
почти 3 года назад

Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" sets the variables "A=B" and "C=D".

nvd логотип

CVE-2022-41716

CVSS3: 7.5
nvd
почти 3 года назад

Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" sets the variables "A=B" and "C=D".

debian логотип

CVE-2022-41716

CVSS3: 7.5
debian
почти 3 года назад

Due to unsanitized NUL values, attackers may be able to maliciously se ...

suse-cvrf логотип

SUSE-SU-2022:4055-1

suse-cvrf
почти 3 года назад

Security update for go1.18

suse-cvrf логотип

SUSE-SU-2022:4054-1

suse-cvrf
почти 3 года назад

Security update for go1.19

EPSS

Процентиль: 3%
0.00018
Низкий

6.3 Medium

CVSS3