Fluid Attacks Database

Description

Incorrect privilege reporting in syscall and golang.org/x/sys/unix When called with a non-zero flags parameter, the Faccessat function can incorrectly report that a file is accessible.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	golang.org/x/sys/unix	>=0 <0.0.0-20220412211240-33da011f77ad	0.0.0-20220412211240-33da011f77ad
go	stdlib	>=0 <1.17.10	1.17.10
go	golang.org/x/sys	>=0 <0.0.0-20220412211240-33da011f77ad	0.0.0-20220412211240-33da011f77ad
debian 11	golang-1.15	=1.15.15-1 \|\| =1.15.15-1~deb11u1 \|\| =1.15.15-1~deb11u2 \|\| =1.15.15-1~deb11u3 \|\| =1.15.15-1~deb11u4 \|\| =1.15.15-2 \|\| =1.15.15-3 \|\| =1.15.15-4 \|\| =1.15.15-5 \|\| =1.15.9-6	-
rpm rhel8	go-toolset	<0:1.17.10-1.module+el8.6.0+15486+6d4da7db	0:1.17.10-1.module+el8.6.0+15486+6d4da7db
rpm rhel9	go-toolset	<0:1.17.12-1.el9_0	0:1.17.12-1.el9_0
rpm rhel9	golang	<0:1.17.12-1.el9_0	0:1.17.12-1.el9_0

Aliases

1. CVE-2022-295262. NVD-2022-295263. OSV-2022-295264. OSV-GO-2022-04935. OSV-DEBIAN-2022-295266. GHSA-p782-xgp4-8hr87. GCVE-2022-295268. security.gentoo.org9. SECURITY-TRACKER-CVE-2022-29526

References