BIT-golang-2023-45284

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/golang/BIT-golang-2023-45284.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-golang-2023-45284

Aliases

CVE-2023-45284
GO-2023-2186

Published

2024-03-06T10:52:50.966Z

Modified

2024-09-11T06:13:45.087102Z

Summary

[none]

Details

On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.

References

https://go.dev/cl/540277
https://go.dev/issue/63713
https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY
https://pkg.go.dev/vuln/GO-2023-2186

Affected packages

Bitnami / golang

Package

Name: golang
Purl: pkg:bitnami/golang

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.20.11

Introduced

1.21.0-0

Fixed

1.21.4