Home

CVE-2022-29526

Description

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.

Risk Information

Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.182

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2022:5337) go-toolset:rhel8 security and bug fix update go-toolset-1.17.10-1.module+el8.6.0+15486+6d4da7db.x86_64.rpmLinux
(RHSA-2022:5337) go-toolset:rhel8 security and bug fix update golang-1.17.10-1.module+el8.6.0+15486+6d4da7db.x86_64.rpmLinux
(RHSA-2022:5337) go-toolset:rhel8 security and bug fix update golang-bin-1.17.10-1.module+el8.6.0+15486+6d4da7db.x86_64.rpmLinux
(RHSA-2022:5337) go-toolset:rhel8 security and bug fix update golang-docs-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpmLinux
(RHSA-2022:5337) go-toolset:rhel8 security and bug fix update golang-misc-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpmLinux
(RHSA-2022:5337) go-toolset:rhel8 security and bug fix update golang-race-1.17.10-1.module+el8.6.0+15486+6d4da7db.x86_64.rpmLinux
(RHSA-2022:5337) go-toolset:rhel8 security and bug fix update golang-src-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpmLinux
(RHSA-2022:5337) go-toolset:rhel8 security and bug fix update golang-tests-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpmLinux
Delve update (ELSA-2022-5337) delve-1.7.2-1.0.1.module+el8.6.0+20559+3b94dc2a.x86_64.rpmLinux
Go-toolset update (ELSA-2022-5337) go-toolset-1.17.10-1.module+el8.6.0+20691+4e76a6d9.x86_64.rpmLinux
Golang update (ELSA-2022-5337) golang-1.17.10-1.module+el8.6.0+20691+4e76a6d9.x86_64.rpmLinux
Golang-bin update (ELSA-2022-5337) golang-bin-1.17.10-1.module+el8.6.0+20691+4e76a6d9.x86_64.rpmLinux
Golang-docs update (ELSA-2022-5337) golang-docs-1.17.10-1.module+el8.6.0+20691+4e76a6d9.noarch.rpmLinux
Golang-misc update (ELSA-2022-5337) golang-misc-1.17.10-1.module+el8.6.0+20691+4e76a6d9.noarch.rpmLinux
Golang-race update (ELSA-2022-5337) golang-race-1.17.10-1.module+el8.6.0+20691+4e76a6d9.x86_64.rpmLinux
Golang-src update (ELSA-2022-5337) golang-src-1.17.10-1.module+el8.6.0+20691+4e76a6d9.noarch.rpmLinux
Golang-tests update (ELSA-2022-5337) golang-tests-1.17.10-1.module+el8.6.0+20691+4e76a6d9.noarch.rpmLinux
Go programming language compiler - metapackage (USN-6038-1) golang-1.18_1.18.1-1ubuntu1.1_all.debLinux
Go programming language compiler - metapackage (USN-6038-1) golang-1.18_1.18.1-1ubuntu1~18.04.4_all.debLinux
Go programming language compiler - metapackage (USN-6038-1) golang-1.18_1.18.1-1ubuntu1~20.04.2_all.debLinux
Go programming language compiler - metapackage (USN-6038-1) golang-1.18-go_1.18.1-1ubuntu1.1_amd64.debLinux
Go programming language compiler - metapackage (USN-6038-1) golang-1.18-go_1.18.1-1ubuntu1~18.04.4_i386.debLinux
Go programming language compiler - metapackage (USN-6038-1) golang-1.18-go_1.18.1-1ubuntu1~18.04.4_amd64.debLinux
Go programming language compiler - metapackage (USN-6038-1) golang-1.18-go_1.18.1-1ubuntu1~20.04.2_amd64.debLinux
Go programming language compiler - metapackage (USN-6038-1) golang-1.18-src_1.18.1-1ubuntu1.1_all.debLinux
Go programming language compiler - metapackage (USN-6038-1) golang-1.18-src_1.18.1-1ubuntu1~18.04.4_all.debLinux
Go programming language compiler - metapackage (USN-6038-1) golang-1.18-src_1.18.1-1ubuntu1~20.04.2_all.debLinux
SUSE-SU-2023:2312-1(Development Tools Module 15-SP4 ) go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64.rpmLinux
SUSE-SU-2023:2312-1(Development Tools Module 15-SP4 ) go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64.rpmLinux
SUSE-SU-2023:2312-1(Development Tools Module 15-SP4 ) go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64.rpmLinux
golang-github-godbus-dbus Security Update (ALAS-2022-1858) golang-github-godbus-dbus-devel-0-0.1.gitcb98efb.amzn2.0.2.noarch.rpmLinux
golang-github-gorilla-context Security Update (ALAS-2022-1859) golang-github-gorilla-context-devel-0-0.24.gitb06ed15.amzn2.0.4.x86_64.rpmLinux
golang-github-gorilla-mux Security Update (ALAS-2022-1860) golang-github-gorilla-mux-devel-0-0.16.git136d54f.amzn2.0.2.noarch.rpmLinux
golang-googlecode-net Security Update (ALAS-2022-1861) golang-googlecode-net-devel-0-0.12.hg84a4013f96e0.amzn2.0.2.noarch.rpmLinux
golang-googlecode-sqlite Security Update (ALAS-2022-1862) golang-googlecode-sqlite-devel-0-0.9.hg74691fb6f837.amzn2.0.4.x86_64.rpmLinux
go-rpm-macros Security Update (ALAS-2022-1863) go-filesystem-3.0.15-23.amzn2.0.2.x86_64.rpmLinux
go-rpm-macros Security Update (ALAS-2022-1863) go-rpm-macros-3.0.15-23.amzn2.0.2.x86_64.rpmLinux
go-rpm-macros Security Update (ALAS-2022-1863) go-srpm-macros-3.0.15-23.amzn2.0.2.noarch.rpmLinux
go-rpm-macros Security Update (ALAS-2022-1863) go-rpm-templates-3.0.15-23.amzn2.0.2.noarch.rpmLinux
golang-github-kr-pty Security Update (ALAS-2022-1864) golang-github-kr-pty-devel-0-0.19.git98c7b80.amzn2.0.3.x86_64.rpmLinux
golang-github-syndtr-gocapability Security Update (ALAS-2022-1865) golang-github-syndtr-gocapability-devel-0-0.5.git3454319.amzn2.0.3.x86_64.rpmLinux
golist Security Update (ALAS-2023-046) golist-0.10.1-11.amzn2023.0.3.x86_64.rpmLinux
golang-github-cpuguy83-md2man Security Update (ALAS-2023-047) golang-github-cpuguy83-md2man-2.0.2-22.amzn2023.0.2.x86_64.rpmLinux
golang-github-cpuguy83-md2man Security Update (ALAS-2023-047) golang-github-cpuguy83-md2man-devel-2.0.2-22.amzn2023.0.2.noarch.rpmLinux
golang-github-cpuguy83-md2man Security Update (ALAS-2023-047) compat-golang-github-cpuguy83-md2man-2-devel-2.0.2-22.amzn2023.0.2.noarch.rpmLinux
golang-github-godbus-dbus Security Update (ALAS2-2022-1858) golang-github-godbus-dbus-devel-0-0.1.gitcb98efb.amzn2.0.2.noarch.rpmLinux
golang-github-gorilla-context Security Update (ALAS2-2022-1859) golang-github-gorilla-context-devel-0-0.24.gitb06ed15.amzn2.0.4.x86_64.rpmLinux
golang-github-gorilla-mux Security Update (ALAS2-2022-1860) golang-github-gorilla-mux-devel-0-0.16.git136d54f.amzn2.0.2.noarch.rpmLinux
golang-googlecode-net Security Update (ALAS2-2022-1861) golang-googlecode-net-devel-0-0.12.hg84a4013f96e0.amzn2.0.2.noarch.rpmLinux
golang-googlecode-sqlite Security Update (ALAS2-2022-1862) golang-googlecode-sqlite-devel-0-0.9.hg74691fb6f837.amzn2.0.4.x86_64.rpmLinux
go-rpm-macros Security Update (ALAS2-2022-1863) go-filesystem-3.0.15-23.amzn2.0.2.x86_64.rpmLinux
go-rpm-macros Security Update (ALAS2-2022-1863) go-rpm-macros-3.0.15-23.amzn2.0.2.x86_64.rpmLinux
go-rpm-macros Security Update (ALAS2-2022-1863) go-rpm-templates-3.0.15-23.amzn2.0.2.noarch.rpmLinux
go-rpm-macros Security Update (ALAS2-2022-1863) go-srpm-macros-3.0.15-23.amzn2.0.2.noarch.rpmLinux
golang-github-kr-pty Security Update (ALAS2-2022-1864) golang-github-kr-pty-devel-0-0.19.git98c7b80.amzn2.0.3.x86_64.rpmLinux
golang-github-syndtr-gocapability Security Update (ALAS2-2022-1865) golang-github-syndtr-gocapability-devel-0-0.5.git3454319.amzn2.0.3.x86_64.rpmLinux
golist Security Update (ALAS2023-2023-046) golist-0.10.1-11.amzn2023.0.3.x86_64.rpmLinux
golang-github-cpuguy83-md2man Security Update (ALAS2023-2023-047) compat-golang-github-cpuguy83-md2man-2-devel-2.0.2-22.amzn2023.0.2.noarch.rpmLinux
golang-github-cpuguy83-md2man Security Update (ALAS2023-2023-047) golang-github-cpuguy83-md2man-2.0.2-22.amzn2023.0.2.x86_64.rpmLinux
golang-github-cpuguy83-md2man Security Update (ALAS2023-2023-047) golang-github-cpuguy83-md2man-devel-2.0.2-22.amzn2023.0.2.noarch.rpmLinux
golang Security Update (ALAS2023-2023-048) golang-1.19.3-2.amzn2023.0.2.x86_64.rpmLinux
golang Security Update (ALAS2023-2023-048) golang-bin-1.19.3-2.amzn2023.0.2.x86_64.rpmLinux
golang Security Update (ALAS2023-2023-048) golang-docs-1.19.3-2.amzn2023.0.2.noarch.rpmLinux
golang Security Update (ALAS2023-2023-048) golang-misc-1.19.3-2.amzn2023.0.2.noarch.rpmLinux
golang Security Update (ALAS2023-2023-048) golang-race-1.19.3-2.amzn2023.0.2.x86_64.rpmLinux
golang Security Update (ALAS2023-2023-048) golang-shared-1.19.3-2.amzn2023.0.2.x86_64.rpmLinux
golang Security Update (ALAS2023-2023-048) golang-src-1.19.3-2.amzn2023.0.2.noarch.rpmLinux
golang Security Update (ALAS2023-2023-048) golang-tests-1.19.3-2.amzn2023.0.2.noarch.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234