CVE-2023-45284

Published: Nov 9, 2023Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.

Affected (2)

Products: Golang: Go

1 product

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Golang Go	Before 1.20.11
Golang Go	From 1.21.0-0 to 1.21.4

Running on/with	Platform Versions
Microsoft Windows	All versions

References (8)

https://go.dev/cl/540277

Source: security@golang.org

Issue TrackingVendor Advisory

https://go.dev/issue/63713

Source: security@golang.org

Issue TrackingVendor Advisory

https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY

Source: security@golang.org

Issue TrackingMailing ListVendor Advisory

https://pkg.go.dev/vuln/GO-2023-2186

Source: security@golang.org

Issue TrackingVendor Advisory

https://go.dev/cl/540277

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://go.dev/issue/63713

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingMailing ListVendor Advisory

https://pkg.go.dev/vuln/GO-2023-2186

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.