AZL-37513

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-37513.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-37513

Upstream

CVE-2023-45284

Published

2023-11-09T17:15:08Z

Modified

2026-04-01T05:12:32.550071Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

CVE-2023-45284 affecting package golang for versions less than 1.21.6-1

Details

On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-45284

Affected packages

Azure Linux:2 / golang

Package

Name: golang
Purl: pkg:rpm/azure-linux/golang

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.21.6-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-37513.json"