CVE-2023-45284

Summary

On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.

Affected Software

VendorProductVersion RangeStatus
Go standard librarypath/filepath0 < 1.20.11affected
Go standard librarypath/filepath1.21.0-0 < 1.21.4affected

Weaknesses

  • CWE-41: Improper Resolution of Path Equivalence

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References