Lucene search
GoogleOSV:GO-2023-1840HistoryJun 08, 2023 - 8:16 p.m.
Unsafe behavior in setuid/setgid binaries in runtime
2023-06-0820:16:06
Google
osv.dev
15
On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors.
If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.
Related
cgr
cgr
CVE-2023-29403 vulnerabilities
2024-05-19 03:07:16
cbl_mariner
cbl_mariner
CVE-2023-29403 affecting package golang for versions less than 1.20.7-1
2024-05-23 15:47:44
CVE-2023-29403 affecting package golang for versions less than 1.20.7-1
2024-05-23 15:47:51
CVE-2023-29403 affecting package msft-golang for versions less than 1.20.7-1
2024-05-23 15:47:51
ubuntucve
ubuntucve
CVE-2023-29403
2023-06-08 00:00:00
prion
prion
Design/Logic Flaw
2023-06-08 21:15:00
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to privilege escalation due to [CVE-2023-29403]
2023-07-27 16:01:18
debiancve
debiancve
CVE-2023-29403
2023-06-08 21:15:16
cvelist
cvelist
CVE-2023-29403 Unsafe behavior in setuid/setgid binaries in runtime
2023-06-08 20:19:13
osv
osv
BIT-golang-2023-29403
2024-03-06 10:55:36
CVE-2023-29403
2023-06-08 21:15:16
Critical: go-toolset:rhel8 security update
2023-06-29 00:00:00
cve
cve
CVE-2023-29403
2023-06-08 21:15:16
veracode
veracode
Privilege Escalation
2023-07-10 00:03:06
alpinelinux
alpinelinux
CVE-2023-29403
2023-06-08 21:15:16
wolfi
wolfi
CVE-2023-29403 vulnerabilities
2024-05-23 15:48:21
redhatcve
redhatcve
CVE-2023-29403
2023-06-26 17:47:00
nessus
nessus
Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2023-312)
2023-08-24 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.20 (SUSE-SU-2023:2526-1)
2023-06-17 00:00:00
EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-2859)
2024-01-16 00:00:00
f5
f5
rocky
rocky
go-toolset and golang security update
2023-07-08 02:54:41
mageia
mageia
Updated golang packages fix security vulnerability
2023-07-07 08:54:45
redhat
redhat
(RHSA-2023:3920) Critical: go-toolset-1.19 and go-toolset-1.19-golang security update
2023-06-29 05:25:55
(RHSA-2023:3923) Critical: go-toolset and golang security update
2023-06-29 09:38:01
(RHSA-2023:3922) Critical: go-toolset:rhel8 security update
2023-06-29 08:54:12
openvas
openvas
Fedora: Security Advisory for golang (FEDORA-2023-1819dc9854)
2023-08-12 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-2842)
2023-09-20 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-2859)
2023-09-20 00:00:00
almalinux
almalinux
Critical: go-toolset:rhel8 security update
2023-06-29 00:00:00
Critical: go-toolset and golang security update
2023-06-29 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: golang-1.20.6-1.fc38
2023-07-21 02:27:24
[SECURITY] Fedora 37 Update: golang-1.19.12-1.fc37
2023-08-11 01:01:43
oraclelinux
oraclelinux
go-toolset:ol8 security update
2023-07-04 00:00:00
go-toolset and golang security update
2023-07-07 00:00:00
redos
redos
ROS-20231109-01
2023-11-09 00:00:00
freebsd
freebsd
go -- multiple vulnerabilities
2023-04-27 00:00:00
amazon
amazon
Important: golang
2023-07-20 17:29:00
Important: golang
2023-09-27 22:15:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-5.0-0037
2023-06-23 00:00:00
Critical Photon OS Security Update - PHSA-2023-5.0-0043
2023-07-04 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0415
2023-06-22 00:00:00
gentoo
gentoo
Go: Multiple Vulnerabilities
2023-11-25 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00