5.3

CVE-2023-45284

Incorrect detection of reserved device names on Windows in path/filepath

On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GolangGo Version < 1.20.11
   MicrosoftWindows Version-
GolangGo Version >= 1.21.0-0 < 1.21.4
   MicrosoftWindows Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.095
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://go.dev/cl/540277
Vendor Advisory
Issue Tracking
https://go.dev/issue/63713
Vendor Advisory
Issue Tracking
https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY
Vendor Advisory
Mailing List
Issue Tracking
https://pkg.go.dev/vuln/GO-2023-2186
Vendor Advisory
Issue Tracking