CVE-2023-45284

EPSS 0.02%
Published 09.11.2023 17:15:08
Last modified 21.11.2024 08:26:41
Source security@golang.org
Teams watchlist Login
Open Login

On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.

Affected products Warnungen 0 Metrics 3 CWE 0 References 7

Data is provided by the National Vulnerability Database (NVD)

Golang ≫ Go Version < 1.20.11

Microsoft ≫ Windows Version-

Golang ≫ Go Version >= 1.21.0-0 < 1.21.4

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.04

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

https://go.dev/cl/540277

Vendor Advisory

Issue Tracking

https://go.dev/issue/63713

Vendor Advisory

Issue Tracking

https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY

Vendor Advisory

Mailing List

Issue Tracking

https://pkg.go.dev/vuln/GO-2023-2186

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2023-45284

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-45284

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-45284

EUVD