Lucene search
Ubuntu.comUB:CVE-2023-45284HistoryNov 09, 2023 - 12:00 a.m.
CVE-2023-45284
2023-11-0900:00:00
ubuntu.com
ubuntu.com
20
windows
islocal function
reserved device names
vulnerability
fix
golang
rebuilding
impact
paths
On Windows, The IsLocal function does not correctly detect reserved device
names in some cases. Reserved names followed by spaces, such as "COM1 ",
and reserved names โCOMโ and โLPTโ followed by superscript 1, 2, or 3, are
incorrectly reported as local. With fix, IsLocal now correctly reports
these names as non-local.
Notes
| Author | Note |
|---|---|
| mdeslaur | Packages built using golang need to be rebuilt once the vulnerability has been fixed. This CVE entry does not list packages that need rebuilding outside of the main repository or the Ubuntu variants with PPA overlays. |
| rodrigo-zaiden | may impact only Windows paths, a better triage of real impact, if any, is appreciated. closed related to CVE-2023-45283 |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | golang-1.10 | <ย any | UNKNOWN |
| ubuntu | 14.04 | noarch | golang-1.10 | <ย any | UNKNOWN |
| ubuntu | 16.04 | noarch | golang-1.10 | <ย any | UNKNOWN |
| ubuntu | 18.04 | noarch | golang-1.13 | <ย any | UNKNOWN |
| ubuntu | 20.04 | noarch | golang-1.13 | <ย any | UNKNOWN |
| ubuntu | 22.04 | noarch | golang-1.13 | <ย any | UNKNOWN |
| ubuntu | 16.04 | noarch | golang-1.13 | <ย any | UNKNOWN |
| ubuntu | 20.04 | noarch | golang-1.14 | <ย any | UNKNOWN |
| ubuntu | 18.04 | noarch | golang-1.16 | <ย any | UNKNOWN |
| ubuntu | 20.04 | noarch | golang-1.16 | <ย any | UNKNOWN |
References
github.com/golang/go/commit/46fb78168596f7ce8834f528bb0eb9555c08bcae (go1.20.11)
github.com/golang/go/commit/9e933c189ca3a84f12995b3c799364a06abc4376 (go1.21.4)
github.com/golang/go/issues/63713
groups.google.com/g/golang-announce/c/4tU8LZfBFkY
launchpad.net/bugs/cve/CVE-2023-45284
nvd.nist.gov/vuln/detail/CVE-2023-45284
security-tracker.debian.org/tracker/CVE-2023-45284
www.cve.org/CVERecord?id=CVE-2023-45284
Related
ubuntucve
ubuntucve
CVE-2023-45283
2023-11-09 00:00:00
nessus
nessus
openvas
openvas
openSUSE: Security Advisory for go1.20 (SUSE-SU-2023:4470-1)
2024-03-04 00:00:00
openSUSE: Security Advisory for go1.21 (SUSE-SU-2023:4471-1)
2024-03-04 00:00:00
openSUSE: Security Advisory for go1.20 (SUSE-SU-2023:4472-1)
2024-03-04 00:00:00
amazon
amazon
Medium: golang
2024-01-03 21:04:00
Medium: golang
2024-01-03 22:37:00
ibm
ibm
Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to directory traversal due to golang compiler ( CVE-2023-45283,CVE-2023-45284, CVE-2023-45285 )
2024-04-11 21:37:01
debiancve
debiancve
CVE-2023-45284
2023-11-09 17:15:08
CVE-2023-45283
2023-11-09 17:15:08
osv
osv
CVE-2023-45284
2023-11-09 17:15:08
BIT-golang-2023-45284
2024-03-06 10:52:50
Incorrect detection of reserved device names on Windows in path/filepath
2023-11-08 22:42:19
cgr
cgr
CVE-2023-45283 vulnerabilities
2024-05-17 15:41:37
cbl_mariner
cbl_mariner
CVE-2023-45283 affecting package golang for versions less than 1.21.6-1
2024-05-17 09:07:16
CVE-2023-45284 affecting package golang for versions less than 1.21.6-1
2024-05-17 09:07:16
prion
prion
Path traversal
2023-11-09 17:15:00
Code injection
2023-11-09 17:15:00
cvelist
cvelist
cve
cve
CVE-2023-45284
2023-11-09 17:15:08
CVE-2023-45283
2023-11-09 17:15:08
veracode
veracode
Insecure Parsing Of File Path
2023-11-09 07:17:38
Path Traversal
2023-11-09 07:21:41
wolfi
wolfi
CVE-2023-45283 vulnerabilities
2024-05-17 21:08:03
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0176
2023-12-21 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0702
2023-12-21 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0531
2023-12-22 00:00:00
redos
redos
ROS-20240402-17
2024-04-02 00:00:00
mageia
mageia
Updated golang packages fix security vulnerabilities
2023-12-18 01:40:49