Vulnerability CVE-2023-45284: Information
Description
On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.
Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
golang | sisyphus | 1.21.4-alt1 | 1.22.2-alt1 | ALT-PU-2023-7056-1 | 333908 | Fixed |
golang | sisyphus_riscv64 | 1.21.5-alt1 | 1.22.2-alt1 | ALT-PU-2023-7948-1 | - | Fixed |
golang | p10 | 1.20.11-alt1 | 1.21.9-alt1 | ALT-PU-2023-7049-2 | 333909 | Fixed |
golang | c10f1 | 1.20.11-alt1 | 1.21.9-alt1 | ALT-PU-2023-7050-2 | 333819 | Fixed |
golang | c9f2 | 1.20.11-alt1 | 1.20.11-alt1 | ALT-PU-2023-7055-2 | 333913 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://go.dev/issue/63713 |
|
https://go.dev/cl/540277 |
|
https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY |
|
https://pkg.go.dev/vuln/GO-2023-2186 |
|