Vulnerability Description
On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Golang | Go | < 1.20.11 |
| Microsoft | Windows | - |
References
- https://go.dev/cl/540277Issue TrackingVendor Advisory
- https://go.dev/issue/63713Issue TrackingVendor Advisory
- https://groups.google.com/g/golang-announce/c/4tU8LZfBFkYIssue TrackingMailing ListVendor Advisory
- https://pkg.go.dev/vuln/GO-2023-2186Issue TrackingVendor Advisory
- https://go.dev/cl/540277Issue TrackingVendor Advisory
- https://go.dev/issue/63713Issue TrackingVendor Advisory
- https://groups.google.com/g/golang-announce/c/4tU8LZfBFkYIssue TrackingMailing ListVendor Advisory
- https://pkg.go.dev/vuln/GO-2023-2186Issue TrackingVendor Advisory
FAQ
What is CVE-2023-45284?
CVE-2023-45284 is a vulnerability with a CVSS score of 5.3 (MEDIUM). On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by super...
How severe is CVE-2023-45284?
CVE-2023-45284 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-45284?
Check the references section above for vendor advisories and patch information. Affected products include: Golang Go, Microsoft Windows.