CVE-2023-45284

Sažetak

On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.

Reference

https://go.dev/cl/540277
https://go.dev/issue/63713
https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY
https://pkg.go.dev/vuln/GO-2023-2186

CVSS

Base:	5.3
Impact:	1.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Zadnje važnije ažuriranje

03-09-2024 - 19:35

Objavljeno

09-11-2023 - 17:15