BIT-golang-2023-45284

Import Source

https://github.com/bitnami/vulndb/tree/main/data/golang/BIT-golang-2023-45284.json

Aliases

CVE-2023-45284
GO-2023-2186

Published

2023-11-18T07:17:52.696Z

Modified

2023-11-18T08:11:32.825846Z

Details

On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.

References

https://go.dev/cl/540277
https://go.dev/issue/63713
https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY
https://pkg.go.dev/vuln/GO-2023-2186

Affected packages

Bitnami / golang

Package

Name: golang

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.20.11

Introduced

1.21.0-0

Fixed

1.21.4