CVE-2023-45284

EPSS 0.02%
Veröffentlicht 09.11.2023 17:15:08
Zuletzt bearbeitet 21.11.2024 08:26:41
Quelle security@golang.org
Teams Watchlist Login
Unerledigt Login

On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Golang ≫ Go Version < 1.20.11

Microsoft ≫ Windows Version-

Golang ≫ Go Version >= 1.21.0-0 < 1.21.4

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.04

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

https://go.dev/cl/540277

Vendor Advisory

Issue Tracking

https://go.dev/issue/63713

Vendor Advisory

Issue Tracking

https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY

Vendor Advisory

Mailing List

Issue Tracking

https://pkg.go.dev/vuln/GO-2023-2186

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2023-45284

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-45284

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-45284

EUVD