Description
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.
References
https://github.com/golang/go/issues/52313
ExploitIssue TrackingPatchThird Party Advisory
https://groups.google.com/g/golang-announce
Issue TrackingMailing ListThird Party Advisory
https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU
Mailing ListThird Party Advisory
https://security.gentoo.org/glsa/202208-02
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220729-0001/
Third Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Modified
Published
2022-06-23T17:15:12.747
3 years agoLast modified
2023-11-07T03:46:03.463
1 year ago