Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    4 vulnerabilities found for syscall by Go standard library

    CVE-2025-0913 (GCVE-0-2025-0913)

    Vulnerability from nvd – Published: 2025-06-11 17:17 – Updated: 2025-06-11 17:37
    VLAI
    Title
    Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall
    Summary
    os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library syscall Affected: 0 , < 1.23.10 (semver)
    Affected: 1.24.0-0 , < 1.24.4 (semver)
    Create a notification for this product.
    Go standard library os Affected: 0 , < 1.23.10 (semver)
    Affected: 1.24.0-0 , < 1.24.4 (semver)
    Create a notification for this product.
    Credits
    Junyoung Park and Dong-uk Kim of KAIST Hacking Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0913",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-11T17:35:44.313980Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-11T17:37:52.111Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "syscall",
              "platforms": [
                "windows"
              ],
              "product": "syscall",
              "programRoutines": [
                {
                  "name": "Open"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.23.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.24.4",
                  "status": "affected",
                  "version": "1.24.0-0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "os",
              "platforms": [
                "windows"
              ],
              "product": "os",
              "programRoutines": [
                {
                  "name": "OpenFile"
                },
                {
                  "name": "Root.OpenFile"
                },
                {
                  "name": "Chdir"
                },
                {
                  "name": "Chmod"
                },
                {
                  "name": "Chown"
                },
                {
                  "name": "CopyFS"
                },
                {
                  "name": "Create"
                },
                {
                  "name": "CreateTemp"
                },
                {
                  "name": "File.ReadDir"
                },
                {
                  "name": "File.Readdir"
                },
                {
                  "name": "File.Readdirnames"
                },
                {
                  "name": "Getwd"
                },
                {
                  "name": "Lchown"
                },
                {
                  "name": "Link"
                },
                {
                  "name": "Lstat"
                },
                {
                  "name": "Mkdir"
                },
                {
                  "name": "MkdirAll"
                },
                {
                  "name": "MkdirTemp"
                },
                {
                  "name": "NewFile"
                },
                {
                  "name": "Open"
                },
                {
                  "name": "OpenInRoot"
                },
                {
                  "name": "OpenRoot"
                },
                {
                  "name": "Pipe"
                },
                {
                  "name": "ReadDir"
                },
                {
                  "name": "ReadFile"
                },
                {
                  "name": "Remove"
                },
                {
                  "name": "RemoveAll"
                },
                {
                  "name": "Rename"
                },
                {
                  "name": "Root.Create"
                },
                {
                  "name": "Root.Lstat"
                },
                {
                  "name": "Root.Mkdir"
                },
                {
                  "name": "Root.Open"
                },
                {
                  "name": "Root.OpenRoot"
                },
                {
                  "name": "Root.Remove"
                },
                {
                  "name": "Root.Stat"
                },
                {
                  "name": "StartProcess"
                },
                {
                  "name": "Stat"
                },
                {
                  "name": "Symlink"
                },
                {
                  "name": "Truncate"
                },
                {
                  "name": "WriteFile"
                },
                {
                  "name": "dirFS.Open"
                },
                {
                  "name": "dirFS.ReadDir"
                },
                {
                  "name": "dirFS.ReadFile"
                },
                {
                  "name": "dirFS.Stat"
                },
                {
                  "name": "rootFS.Open"
                },
                {
                  "name": "rootFS.ReadDir"
                },
                {
                  "name": "rootFS.ReadFile"
                },
                {
                  "name": "rootFS.Stat"
                },
                {
                  "name": "unixDirent.Info"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.23.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.24.4",
                  "status": "affected",
                  "version": "1.24.0-0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Junyoung Park and Dong-uk Kim of KAIST Hacking Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-11T17:17:25.606Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/cl/672396"
            },
            {
              "url": "https://go.dev/issue/73702"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2025-3750"
            }
          ],
          "title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2025-0913",
        "datePublished": "2025-06-11T17:17:25.606Z",
        "dateReserved": "2025-01-30T21:52:33.447Z",
        "dateUpdated": "2025-06-11T17:37:52.111Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-41716 (GCVE-0-2022-41716)

    Vulnerability from nvd – Published: 2022-11-02 15:28 – Updated: 2024-10-30 13:59
    VLAI
    Title
    Unsanitized NUL in environment variables on Windows in syscall and os/exec
    Summary
    Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" sets the variables "A=B" and "C=D".
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-158 - Improper Neutralization of Null Byte or NUL Character
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library syscall Affected: 0 , < 1.18.8 (semver)
    Affected: 1.19.0-0 , < 1.19.3 (semver)
    Create a notification for this product.
    Go standard library os/exec Affected: 0 , < 1.18.8 (semver)
    Affected: 1.19.0-0 , < 1.19.3 (semver)
    Create a notification for this product.
    Credits
    RyotaK (https://twitter.com/ryotkak)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:49:43.904Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20230120-0007/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/issue/56284"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/cl/446916"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pkg.go.dev/vuln/GO-2022-1095"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-41716",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-01T14:02:04.861393Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-30T13:59:43.967Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "syscall",
              "platforms": [
                "windows"
              ],
              "product": "syscall",
              "programRoutines": [
                {
                  "name": "StartProcess"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.18.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.19.3",
                  "status": "affected",
                  "version": "1.19.0-0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "os/exec",
              "platforms": [
                "windows"
              ],
              "product": "os/exec",
              "programRoutines": [
                {
                  "name": "Cmd.environ"
                },
                {
                  "name": "dedupEnv"
                },
                {
                  "name": "dedupEnvCase"
                },
                {
                  "name": "Cmd.CombinedOutput"
                },
                {
                  "name": "Cmd.Environ"
                },
                {
                  "name": "Cmd.Output"
                },
                {
                  "name": "Cmd.Run"
                },
                {
                  "name": "Cmd.Start"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.18.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.19.3",
                  "status": "affected",
                  "version": "1.19.0-0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "RyotaK (https://twitter.com/ryotkak)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string \"A=B\\x00C=D\" sets the variables \"A=B\" and \"C=D\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-158: Improper Neutralization of Null Byte or NUL Character",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-12T19:12:49.198Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/issue/56284"
            },
            {
              "url": "https://go.dev/cl/446916"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2022-1095"
            }
          ],
          "title": "Unsanitized NUL in environment variables on Windows in syscall and os/exec"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2022-41716",
        "datePublished": "2022-11-02T15:28:19.574Z",
        "dateReserved": "2022-09-28T17:00:06.607Z",
        "dateUpdated": "2024-10-30T13:59:43.967Z",
        "requesterUserId": "7d08541a-cd0a-42e2-8f81-76e6ceb65fc3",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0913 (GCVE-0-2025-0913)

    Vulnerability from cvelistv5 – Published: 2025-06-11 17:17 – Updated: 2025-06-11 17:37
    VLAI
    Title
    Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall
    Summary
    os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library syscall Affected: 0 , < 1.23.10 (semver)
    Affected: 1.24.0-0 , < 1.24.4 (semver)
    Create a notification for this product.
    Go standard library os Affected: 0 , < 1.23.10 (semver)
    Affected: 1.24.0-0 , < 1.24.4 (semver)
    Create a notification for this product.
    Credits
    Junyoung Park and Dong-uk Kim of KAIST Hacking Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0913",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-11T17:35:44.313980Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-11T17:37:52.111Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "syscall",
              "platforms": [
                "windows"
              ],
              "product": "syscall",
              "programRoutines": [
                {
                  "name": "Open"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.23.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.24.4",
                  "status": "affected",
                  "version": "1.24.0-0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "os",
              "platforms": [
                "windows"
              ],
              "product": "os",
              "programRoutines": [
                {
                  "name": "OpenFile"
                },
                {
                  "name": "Root.OpenFile"
                },
                {
                  "name": "Chdir"
                },
                {
                  "name": "Chmod"
                },
                {
                  "name": "Chown"
                },
                {
                  "name": "CopyFS"
                },
                {
                  "name": "Create"
                },
                {
                  "name": "CreateTemp"
                },
                {
                  "name": "File.ReadDir"
                },
                {
                  "name": "File.Readdir"
                },
                {
                  "name": "File.Readdirnames"
                },
                {
                  "name": "Getwd"
                },
                {
                  "name": "Lchown"
                },
                {
                  "name": "Link"
                },
                {
                  "name": "Lstat"
                },
                {
                  "name": "Mkdir"
                },
                {
                  "name": "MkdirAll"
                },
                {
                  "name": "MkdirTemp"
                },
                {
                  "name": "NewFile"
                },
                {
                  "name": "Open"
                },
                {
                  "name": "OpenInRoot"
                },
                {
                  "name": "OpenRoot"
                },
                {
                  "name": "Pipe"
                },
                {
                  "name": "ReadDir"
                },
                {
                  "name": "ReadFile"
                },
                {
                  "name": "Remove"
                },
                {
                  "name": "RemoveAll"
                },
                {
                  "name": "Rename"
                },
                {
                  "name": "Root.Create"
                },
                {
                  "name": "Root.Lstat"
                },
                {
                  "name": "Root.Mkdir"
                },
                {
                  "name": "Root.Open"
                },
                {
                  "name": "Root.OpenRoot"
                },
                {
                  "name": "Root.Remove"
                },
                {
                  "name": "Root.Stat"
                },
                {
                  "name": "StartProcess"
                },
                {
                  "name": "Stat"
                },
                {
                  "name": "Symlink"
                },
                {
                  "name": "Truncate"
                },
                {
                  "name": "WriteFile"
                },
                {
                  "name": "dirFS.Open"
                },
                {
                  "name": "dirFS.ReadDir"
                },
                {
                  "name": "dirFS.ReadFile"
                },
                {
                  "name": "dirFS.Stat"
                },
                {
                  "name": "rootFS.Open"
                },
                {
                  "name": "rootFS.ReadDir"
                },
                {
                  "name": "rootFS.ReadFile"
                },
                {
                  "name": "rootFS.Stat"
                },
                {
                  "name": "unixDirent.Info"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.23.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.24.4",
                  "status": "affected",
                  "version": "1.24.0-0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Junyoung Park and Dong-uk Kim of KAIST Hacking Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-11T17:17:25.606Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/cl/672396"
            },
            {
              "url": "https://go.dev/issue/73702"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2025-3750"
            }
          ],
          "title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2025-0913",
        "datePublished": "2025-06-11T17:17:25.606Z",
        "dateReserved": "2025-01-30T21:52:33.447Z",
        "dateUpdated": "2025-06-11T17:37:52.111Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-41716 (GCVE-0-2022-41716)

    Vulnerability from cvelistv5 – Published: 2022-11-02 15:28 – Updated: 2024-10-30 13:59
    VLAI
    Title
    Unsanitized NUL in environment variables on Windows in syscall and os/exec
    Summary
    Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" sets the variables "A=B" and "C=D".
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-158 - Improper Neutralization of Null Byte or NUL Character
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library syscall Affected: 0 , < 1.18.8 (semver)
    Affected: 1.19.0-0 , < 1.19.3 (semver)
    Create a notification for this product.
    Go standard library os/exec Affected: 0 , < 1.18.8 (semver)
    Affected: 1.19.0-0 , < 1.19.3 (semver)
    Create a notification for this product.
    Credits
    RyotaK (https://twitter.com/ryotkak)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:49:43.904Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20230120-0007/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/issue/56284"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/cl/446916"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pkg.go.dev/vuln/GO-2022-1095"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-41716",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-01T14:02:04.861393Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-30T13:59:43.967Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "syscall",
              "platforms": [
                "windows"
              ],
              "product": "syscall",
              "programRoutines": [
                {
                  "name": "StartProcess"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.18.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.19.3",
                  "status": "affected",
                  "version": "1.19.0-0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "os/exec",
              "platforms": [
                "windows"
              ],
              "product": "os/exec",
              "programRoutines": [
                {
                  "name": "Cmd.environ"
                },
                {
                  "name": "dedupEnv"
                },
                {
                  "name": "dedupEnvCase"
                },
                {
                  "name": "Cmd.CombinedOutput"
                },
                {
                  "name": "Cmd.Environ"
                },
                {
                  "name": "Cmd.Output"
                },
                {
                  "name": "Cmd.Run"
                },
                {
                  "name": "Cmd.Start"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.18.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.19.3",
                  "status": "affected",
                  "version": "1.19.0-0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "RyotaK (https://twitter.com/ryotkak)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string \"A=B\\x00C=D\" sets the variables \"A=B\" and \"C=D\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-158: Improper Neutralization of Null Byte or NUL Character",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-12T19:12:49.198Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/issue/56284"
            },
            {
              "url": "https://go.dev/cl/446916"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2022-1095"
            }
          ],
          "title": "Unsanitized NUL in environment variables on Windows in syscall and os/exec"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2022-41716",
        "datePublished": "2022-11-02T15:28:19.574Z",
        "dateReserved": "2022-09-28T17:00:06.607Z",
        "dateUpdated": "2024-10-30T13:59:43.967Z",
        "requesterUserId": "7d08541a-cd0a-42e2-8f81-76e6ceb65fc3",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }