CVE-2023-45284

medium

Description

On Windows, the IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With the fix, IsLocal now correctly reports these names as non-local.
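An added example, not code from the Go project or from this advisory: a platform-independent check that an application can run on untrusted path components alongside IsLocal, rejecting the two forms the description names. The function names and the base device-name list (CON, PRN, AUX, NUL, COM1-9, LPT1-9) are assumptions of this example.

```go
package main

import (
	"fmt"
	"strings"
)

// Device names without a port digit (list assumed from Microsoft's naming rules).
var plainDevices = map[string]bool{"CON": true, "PRN": true, "AUX": true, "NUL": true}

// isReservedComponent reports whether a single path component is a Windows
// reserved device name, including the two forms named in the advisory:
// trailing spaces ("COM1 ") and COM/LPT plus superscript 1, 2 or 3.
func isReservedComponent(name string) bool {
	name = strings.ToUpper(strings.TrimRight(name, " "))
	if plainDevices[name] {
		return true
	}
	if !strings.HasPrefix(name, "COM") && !strings.HasPrefix(name, "LPT") {
		return false
	}
	suffix := []rune(name[3:])
	if len(suffix) != 1 {
		return false // "COM", "COM10", "COMMENT" are ordinary names
	}
	switch suffix[0] {
	case '\u00b9', '\u00b2', '\u00b3': // superscript 1, 2, 3
		return true
	}
	return suffix[0] >= '1' && suffix[0] <= '9'
}

// hasReservedComponent checks every component of a slash- or
// backslash-separated path (hypothetical helper, not a Go API).
func hasReservedComponent(path string) bool {
	isSep := func(r rune) bool { return r == '/' || r == '\\' }
	for _, part := range strings.FieldsFunc(path, isSep) {
		if isReservedComponent(part) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample inputs.
	for _, p := range []string{"COM1 ", "docs/lpt\u00b2", "comment.txt", "a/COM10"} {
		fmt.Printf("%q reserved=%v\n", p, hasReservedComponent(p))
	}
}
```

The check covers only the name forms listed in the description.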

References

https://pkg.go.dev/vuln/GO-2023-2186

https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY

https://go.dev/issue/63713

https://go.dev/cl/540277

Details

Source: Mitre, NVD

Published: 2023-11-09

Updated: 2023-11-17

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity: Medium