CVE-2023-45284
CVE-2023-45284 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. On Windows, the IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. EPSS estimates a 0.90% chance of exploitation in the next 30 days.
Description
On Windows, the IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With the fix, IsLocal now correctly reports these names as non-local.
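An application-level check for the name forms described above, as an added example (not Go's own code or its fix). The function names are hypothetical, and the base-name list (CON, PRN, AUX, NUL, COM1-9, LPT1-9) and the handling of '.' and ':' suffixes are assumptions taken from Windows naming conventions rather than from this page.

```go
package main

import (
	"fmt"
	"strings"
)

// isReservedWindowsName reports whether a single path element would be
// treated by Windows as a reserved device name. Hypothetical helper.
func isReservedWindowsName(elem string) bool {
	// Assumption: text after the first '.' or ':' does not change the device.
	if i := strings.IndexAny(elem, ".:"); i >= 0 {
		elem = elem[:i]
	}
	// Trailing spaces are ignored, so "COM1 " is still COM1.
	base := strings.ToUpper(strings.TrimRight(elem, " "))
	switch base {
	case "CON", "PRN", "AUX", "NUL":
		return true
	}
	if !strings.HasPrefix(base, "COM") && !strings.HasPrefix(base, "LPT") {
		return false
	}
	switch rest := base[3:]; rest {
	case "¹", "²", "³": // superscript 1, 2, 3 (U+00B9, U+00B2, U+00B3)
		return true
	default:
		return len(rest) == 1 && rest[0] >= '1' && rest[0] <= '9'
	}
}

// hasReservedElement checks every element of a slash- or backslash-separated
// path, because a device name can appear in any position.
func hasReservedElement(path string) bool {
	isSep := func(r rune) bool { return r == '/' || r == '\\' }
	for _, elem := range strings.FieldsFunc(path, isSep) {
		if isReservedWindowsName(elem) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample inputs.
	for _, p := range []string{"COM1 ", "COM¹", "lpt³", `uploads\NUL.txt`, "COMPUTER", "docs/report.txt"} {
		fmt.Printf("%q reserved=%v\n", p, hasReservedElement(p))
	}
}
```

A check like this is defence in depth for code that accepts untrusted file names; upgrading to a fixed Go release listed under Affected Software remains the actual remediation.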
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Golang | Go | < 1.20.11 |
| Golang | Go | >= 1.21.0-0, < 1.21.4 |
References
- https://go.dev/cl/540277 (Issue Tracking, Vendor Advisory)
- https://go.dev/issue/63713 (Issue Tracking, Vendor Advisory)
- https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY (Issue Tracking, Mailing List, Vendor Advisory)
- https://pkg.go.dev/vuln/GO-2023-2186 (Issue Tracking, Vendor Advisory)
Timeline
- Status: Modified
Source: NVD / NIST
