CVE-2023-45284 – stdlib

Package

Manager: go
Name: stdlib
Vulnerable Version: >=0 <1.20.11

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0002 pctl0.03553

Details

Incorrect detection of reserved device names on Windows in path/filepath On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.

Metadata

Created: 2023-11-08T22:42:19Z
Modified: 2024-10-22T05:29:13.273595Z
Source: https://osv-vulnerabilities
CWE IDs: N/A
Alternative ID: N/A
Finding: F113
Auto approve: 1