Vulnerability CVE-2023-45284: Information

Description

On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-45284
Published: Nov. 9, 2023
Modified: Nov. 17, 2023

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
golangsisyphus1.21.4-alt11.22.2-alt1ALT-PU-2023-7056-1333908Fixed
golangsisyphus_riscv641.21.5-alt11.22.2-alt1ALT-PU-2023-7948-1-Fixed
golangp101.20.11-alt11.21.9-alt1ALT-PU-2023-7049-2333909Fixed
golangc10f11.20.11-alt11.21.9-alt1ALT-PU-2023-7050-2333819Fixed
golangc9f21.20.11-alt11.20.11-alt1ALT-PU-2023-7055-2333913Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://go.dev/issue/63713
  • Issue Tracking
  • Vendor Advisory
https://go.dev/cl/540277
  • Issue Tracking
  • Vendor Advisory
https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY
  • Issue Tracking
  • Mailing List
  • Vendor Advisory
https://pkg.go.dev/vuln/GO-2023-2186
  • Issue Tracking
  • Vendor Advisory

    1. Configuration 1

      cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
      cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.0
Back to top