CVE-2023-45284
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Go standard library | path/filepath | 0 < 1.20.11 | affected |
| Go standard library | path/filepath | 1.21.0-0 < 1.21.4 | affected |
Weaknesses
- CWE-41: Improper Resolution of Path Equivalence
ADP Enrichment
CVE Program Container
Additional References
- https://go.dev/issue/63713
- https://go.dev/cl/540277
- https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY
- https://pkg.go.dev/vuln/GO-2023-2186
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://go.dev/issue/63713
- https://go.dev/cl/540277
- https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY
- https://pkg.go.dev/vuln/GO-2023-2186
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.