GO-2020-0007

Source
https://pkg.go.dev/vuln/GO-2020-0007
Import Source
https://vuln.go.dev/ID/GO-2020-0007.json
JSON Data
https://api.osv.dev/v1/vulns/GO-2020-0007
Aliases
Published
2021-04-14T20:04:52Z
Modified
2024-05-20T16:03:47Z
Summary
Improper input validation in github.com/seccomp/libseccomp-golang
Details

Filters containing rules with multiple syscall arguments are improperly constructed, such that all arguments are required to match rather than any of the arguments (AND is used rather than OR). These filters can be bypassed by only specifying a subset of the arguments due to this behavior.

Database specific
{
    "review_status": "REVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2020-0007"
}
References
Credits
    • @ihac

Affected packages

Go / github.com/seccomp/libseccomp-golang

Package

Name
github.com/seccomp/libseccomp-golang
View open source insights on deps.dev
Purl
pkg:golang/github.com/seccomp/libseccomp-golang

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.1-0.20170424173420-06e7a29f36a3

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/seccomp/libseccomp-golang",
            "symbols": [
                "ScmpFilter.AddRule",
                "ScmpFilter.AddRuleConditional",
                "ScmpFilter.AddRuleConditionalExact",
                "ScmpFilter.AddRuleExact",
                "ScmpFilter.addRuleGeneric"
            ]
        }
    ]
}