CVE-2023-45284
MEDIUM severity · CVSS 5.3
5.3CVSS MEDIUM
Summary
On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionNone
Confidentiality impactNone
Integrity impactLow
Availability impactNone
Exploit probability (EPSS)0%
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Additional information
- NVD record
- https://go.dev/cl/540277Advisory
- https://go.dev/issue/63713Advisory
- https://groups.google.com/g/golang-announce/c/4tU8LZfBFkYAdvisory
- https://pkg.go.dev/vuln/GO-2023-2186Advisory
- https://go.dev/cl/540277Advisory
- https://go.dev/issue/63713Advisory
- https://groups.google.com/g/golang-announce/c/4tU8LZfBFkYAdvisory
- https://pkg.go.dev/vuln/GO-2023-2186Advisory