CVE-2022-41716

🗓️ 02 Nov 2022 15:28:19Reported by GoType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 210 Views

Due to unsanitized NUL values, attackers may set environment variables on Windows

Reporter	Title	Published	Views	Family All 127
IBM Security Bulletins	Security Bulletin: CVE-2022-2879, CVE-2022-41715, CVE-2022-2880, CVE-2022-41717, CVE-2022-41716 may affect IBM CICS TX Advanced	16 Mar 202315:24	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for Febuary 2023	10 Mar 202318:29	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Pypa Setuptools, Golang Go, OpenSSH, Minio and Certifi may affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift	26 Mar 202503:37	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Db2® REST	17 Apr 202318:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is affected by multiple vulnerabilities in Golang Go	5 Jul 202321:52	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.	26 Apr 202319:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.	12 Apr 202320:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Golang Go (CVE-2022-41716)	31 Mar 202317:09	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs	24 Feb 202319:49	–	ibm
IBM Security Bulletins	Security Bulletin: Netcool Operations Insights 1.6.9 addresses multiple security vulnerabilities.	18 Jul 202313:09	–	ibm

NVD

Node

golang goRange<1.18.8

golang goRange1.19.0–1.19.3

AND

microsoft windowsMatch-

[
  {
    "vendor": "Go standard library",
    "product": "syscall",
    "collectionURL": "https://pkg.go.dev",
    "packageName": "syscall",
    "versions": [
      {
        "version": "0",
        "lessThan": "1.18.8",
        "status": "affected",
        "versionType": "semver"
      },
      {
        "version": "1.19.0-0",
        "lessThan": "1.19.3",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "platforms": [
      "windows"
    ],
    "programRoutines": [
      {
        "name": "StartProcess"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Go standard library",
    "product": "os/exec",
    "collectionURL": "https://pkg.go.dev",
    "packageName": "os/exec",
    "versions": [
      {
        "version": "0",
        "lessThan": "1.18.8",
        "status": "affected",
        "versionType": "semver"
      },
      {
        "version": "1.19.0-0",
        "lessThan": "1.19.3",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "platforms": [
      "windows"
    ],
    "programRoutines": [
      {
        "name": "Cmd.environ"
      },
      {
        "name": "dedupEnv"
      },
      {
        "name": "dedupEnvCase"
      },
      {
        "name": "Cmd.CombinedOutput"
      },
      {
        "name": "Cmd.Environ"
      },
      {
        "name": "Cmd.Output"
      },
      {
        "name": "Cmd.Run"
      },
      {
        "name": "Cmd.Start"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
groups	www.groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ
go	www.go.dev/cl/446916
pkg	www.pkg.go.dev/vuln/GO-2022-1095
go	www.go.dev/issue/56284
security	www.security.netapp.com/advisory/ntap-20230120-0007/

21 Nov 2024 07:23Current

7.5High risk

Vulners AI Score7.5

CVSS 3.16.3 - 7.5

EPSS0.00013

SSVC