cvelistv5 - cve-2023-45283

URL	Tags
security@golang.org	http://www.openwall.com/lists/oss-security/2023/12/05/2
security@golang.org	https://go.dev/cl/540277	Issue Tracking, Vendor Advisory
security@golang.org	https://go.dev/cl/541175
security@golang.org	https://go.dev/issue/63713	Issue Tracking, Vendor Advisory
security@golang.org	https://go.dev/issue/64028
security@golang.org	https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY	Issue Tracking, Mailing List, Vendor Advisory
security@golang.org	https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ
security@golang.org	https://pkg.go.dev/vuln/GO-2023-2185	Issue Tracking, Vendor Advisory
security@golang.org	https://security.netapp.com/advisory/ntap-20231214-0008/

▼	Vendor	Product
	Go standard library	path/filepath
	Go standard library	internal/safefilepath
	Go standard library	path/filepath

gsd-2023-45283

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example, the path \??\c:\x is equivalent to the more common path c:\x. Before fix, Clean could convert a rooted path such as \a\..\??\b into the root local device path \??\b. Clean will now convert this to .\??\b. Similarly, Join(\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \??\b. Join will now convert this to \.\??\b. In addition, with fix, IsAbs now correctly reports paths beginning with \??\ as absolute, and VolumeName correctly reports the \??\ prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \?, resulting in filepath.Clean(\?\c:) returning \?\c: rather than \?\c:\ (among other effects). The previous behavior has been restored.

Aliases

CVE-2023-45283

Aliases

CVE-2023-45283

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-45283",
    "id": "GSD-2023-45283"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-45283"
      ],
      "details": "The filepath package does not recognize paths with a \\??\\ prefix as special. On Windows, a path beginning with \\??\\ is a Root Local Device path equivalent to a path beginning with \\\\?\\. Paths with a \\??\\ prefix may be used to access arbitrary locations on the system. For example, the path \\??\\c:\\x is equivalent to the more common path c:\\x. Before fix, Clean could convert a rooted path such as \\a\\..\\??\\b into the root local device path \\??\\b. Clean will now convert this to .\\??\\b. Similarly, Join(\\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \\??\\b. Join will now convert this to \\.\\??\\b. In addition, with fix, IsAbs now correctly reports paths beginning with \\??\\ as absolute, and VolumeName correctly reports the \\??\\ prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \\?, resulting in filepath.Clean(\\?\\c:) returning \\?\\c: rather than \\?\\c:\\ (among other effects). The previous behavior has been restored.",
      "id": "GSD-2023-45283",
      "modified": "2023-12-13T01:20:37.908154Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@golang.org",
        "ID": "CVE-2023-45283",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "path/filepath",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "0",
                          "version_value": "1.20.11"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "1.21.0-0",
                          "version_value": "1.21.4"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "1.20.11",
                          "version_value": "1.20.12"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "1.21.4",
                          "version_value": "1.21.5"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "internal/safefilepath",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "0",
                          "version_value": "1.20.11"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "1.21.0-0",
                          "version_value": "1.21.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Go standard library"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The filepath package does not recognize paths with a \\??\\ prefix as special. On Windows, a path beginning with \\??\\ is a Root Local Device path equivalent to a path beginning with \\\\?\\. Paths with a \\??\\ prefix may be used to access arbitrary locations on the system. For example, the path \\??\\c:\\x is equivalent to the more common path c:\\x. Before fix, Clean could convert a rooted path such as \\a\\..\\??\\b into the root local device path \\??\\b. Clean will now convert this to .\\??\\b. Similarly, Join(\\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \\??\\b. Join will now convert this to \\.\\??\\b. In addition, with fix, IsAbs now correctly reports paths beginning with \\??\\ as absolute, and VolumeName correctly reports the \\??\\ prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \\?, resulting in filepath.Clean(\\?\\c:) returning \\?\\c: rather than \\?\\c:\\ (among other effects). The previous behavior has been restored."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-41: Improper Resolution of Path Equivalence"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://go.dev/issue/63713",
            "refsource": "MISC",
            "url": "https://go.dev/issue/63713"
          },
          {
            "name": "https://go.dev/cl/540277",
            "refsource": "MISC",
            "url": "https://go.dev/cl/540277"
          },
          {
            "name": "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY",
            "refsource": "MISC",
            "url": "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY"
          },
          {
            "name": "https://go.dev/issue/64028",
            "refsource": "MISC",
            "url": "https://go.dev/issue/64028"
          },
          {
            "name": "https://go.dev/cl/541175",
            "refsource": "MISC",
            "url": "https://go.dev/cl/541175"
          },
          {
            "name": "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ",
            "refsource": "MISC",
            "url": "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ"
          },
          {
            "name": "https://pkg.go.dev/vuln/GO-2023-2185",
            "refsource": "MISC",
            "url": "https://pkg.go.dev/vuln/GO-2023-2185"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2023/12/05/2",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2023/12/05/2"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20231214-0008/",
            "refsource": "MISC",
            "url": "https://security.netapp.com/advisory/ntap-20231214-0008/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C1E7C289-7484-4AA8-A96B-07D2E2933258",
                    "versionEndExcluding": "1.20.11",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4E3FC16C-41B2-4900-901F-48BDA3DC9ED2",
                    "versionEndExcluding": "1.21.4",
                    "versionStartIncluding": "1.21.0-0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "The filepath package does not recognize paths with a \\??\\ prefix as special. On Windows, a path beginning with \\??\\ is a Root Local Device path equivalent to a path beginning with \\\\?\\. Paths with a \\??\\ prefix may be used to access arbitrary locations on the system. For example, the path \\??\\c:\\x is equivalent to the more common path c:\\x. Before fix, Clean could convert a rooted path such as \\a\\..\\??\\b into the root local device path \\??\\b. Clean will now convert this to .\\??\\b. Similarly, Join(\\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \\??\\b. Join will now convert this to \\.\\??\\b. In addition, with fix, IsAbs now correctly reports paths beginning with \\??\\ as absolute, and VolumeName correctly reports the \\??\\ prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \\?, resulting in filepath.Clean(\\?\\c:) returning \\?\\c: rather than \\?\\c:\\ (among other effects). The previous behavior has been restored."
          },
          {
            "lang": "es",
            "value": "El paquete filepath no reconoce las rutas con el prefijo \\??\\ como especiales. En Windows, una ruta que comienza con \\??\\ es una ruta de dispositivo local ra\u00edz equivalente a una ruta que comienza con \\\\?\\. Se pueden utilizar rutas con un prefijo \\??\\ para acceder a ubicaciones arbitrarias en el sistema. Por ejemplo, la ruta \\??\\c:\\x es equivalente a la ruta m\u00e1s com\u00fan c:\\x. Antes de la soluci\u00f3n, Clean pod\u00eda convertir una ruta ra\u00edz como \\a\\..\\??\\b en la ruta ra\u00edz del dispositivo local \\??\\b. Clean ahora convertir\u00e1 esto a .\\??\\b. De manera similar, Join(\\, ??, b) podr\u00eda convertir una secuencia aparentemente inocente de elementos de ruta en la ruta del dispositivo local ra\u00edz \\??\\b. Unirse ahora convertir\u00e1 esto a \\.\\??\\b. Adem\u00e1s, con la soluci\u00f3n, IsAbs ahora informa correctamente las rutas que comienzan con \\??\\ como absolutas, y VolumeName informa correctamente el prefijo \\??\\ como nombre de volumen."
          }
        ],
        "id": "CVE-2023-45283",
        "lastModified": "2023-12-14T10:15:07.947",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2023-11-09T17:15:08.757",
        "references": [
          {
            "source": "security@golang.org",
            "url": "http://www.openwall.com/lists/oss-security/2023/12/05/2"
          },
          {
            "source": "security@golang.org",
            "tags": [
              "Issue Tracking",
              "Vendor Advisory"
            ],
            "url": "https://go.dev/cl/540277"
          },
          {
            "source": "security@golang.org",
            "url": "https://go.dev/cl/541175"
          },
          {
            "source": "security@golang.org",
            "tags": [
              "Issue Tracking",
              "Vendor Advisory"
            ],
            "url": "https://go.dev/issue/63713"
          },
          {
            "source": "security@golang.org",
            "url": "https://go.dev/issue/64028"
          },
          {
            "source": "security@golang.org",
            "tags": [
              "Issue Tracking",
              "Mailing List",
              "Vendor Advisory"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY"
          },
          {
            "source": "security@golang.org",
            "url": "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ"
          },
          {
            "source": "security@golang.org",
            "tags": [
              "Issue Tracking",
              "Vendor Advisory"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2023-2185"
          },
          {
            "source": "security@golang.org",
            "url": "https://security.netapp.com/advisory/ntap-20231214-0008/"
          }
        ],
        "sourceIdentifier": "security@golang.org",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-22"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

ghsa-vvjp-q62m-2vph

Vulnerability from github

Published

2023-11-09 18:34

Modified

2023-11-17 18:30

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \?. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example, the path \??\c:\x is equivalent to the more common path c:\x. Before fix, Clean could convert a rooted path such as \a..\??\b into the root local device path \??\b. Clean will now convert this to .\??\b. Similarly, Join(\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \??\b. Join will now convert this to .\??\b. In addition, with fix, IsAbs now correctly reports paths beginning with \??\ as absolute, and VolumeName correctly reports the \??\ prefix as a volume name.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-45283"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-09T17:15:08Z",
    "severity": "HIGH"
  },
  "details": "The filepath package does not recognize paths with a \\??\\ prefix as special. On Windows, a path beginning with \\??\\ is a Root Local Device path equivalent to a path beginning with \\\\?\\. Paths with a \\??\\ prefix may be used to access arbitrary locations on the system. For example, the path \\??\\c:\\x is equivalent to the more common path c:\\x. Before fix, Clean could convert a rooted path such as \\a\\..\\??\\b into the root local device path \\??\\b. Clean will now convert this to .\\??\\b. Similarly, Join(\\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \\??\\b. Join will now convert this to \\.\\??\\b. In addition, with fix, IsAbs now correctly reports paths beginning with \\??\\ as absolute, and VolumeName correctly reports the \\??\\ prefix as a volume name.",
  "id": "GHSA-vvjp-q62m-2vph",
  "modified": "2023-11-17T18:30:49Z",
  "published": "2023-11-09T18:34:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45283"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/cl/540277"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/cl/541175"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/issue/63713"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/issue/64028"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2023-2185"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20231214-0008"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/12/05/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

wid-sec-w-2023-2856

Vulnerability from csaf_certbund

Published

2023-11-07 23:00

Modified

2024-05-20 22:00

Summary

Golang Go: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Go ist eine quelloffene Programmiersprache.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen in Golang Go ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.

Betroffene Betriebssysteme

- Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Go ist eine quelloffene Programmiersprache.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Golang Go ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2856 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2856.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2856 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2856"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4708-1 vom 2023-12-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017307.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2024-1903 vom 2024-01-09",
        "url": "https://alas.aws.amazon.com/ALAS-2024-1903.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2024-2388 vom 2024-01-10",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2388.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4709-1 vom 2023-12-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017389.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4930-1 vom 2023-12-20",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017504.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4931-1 vom 2023-12-20",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017503.html"
      },
      {
        "category": "external",
        "summary": "GitHub Golang vom 2023-11-07",
        "url": "https://github.com/golang/go/issues/63713"
      },
      {
        "category": "external",
        "summary": "GitHub Golang vom 2023-11-07",
        "url": "https://github.com/golang/go/issues/63715"
      },
      {
        "category": "external",
        "summary": "Go Vulnerability Database GO-2023-2186 vom 2023-11-09",
        "url": "https://pkg.go.dev/vuln/GO-2023-2186"
      },
      {
        "category": "external",
        "summary": "Go Vulnerability Database GO-2023-2185 vom 2023-11-09",
        "url": "https://pkg.go.dev/vuln/GO-2023-2185"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4470-1 vom 2023-11-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017049.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4469-1 vom 2023-11-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017050.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4472-1 vom 2023-11-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017047.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4471-1 vom 2023-11-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017048.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7154430 vom 2024-05-20",
        "url": "https://www.ibm.com/support/pages/node/7154430"
      }
    ],
    "source_lang": "en-US",
    "title": "Golang Go: Mehrere Schwachstellen erm\u00f6glichen nicht spezifizierten Angriff",
    "tracking": {
      "current_release_date": "2024-05-20T22:00:00.000+00:00",
      "generator": {
        "date": "2024-05-21T08:37:24.240+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2023-2856",
      "initial_release_date": "2023-11-07T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-11-07T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-11-08T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Go aufgenommen"
        },
        {
          "date": "2023-11-16T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-12-11T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-12-14T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-12-20T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-01-08T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2024-01-09T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2024-05-20T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "9"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.21.4",
                "product": {
                  "name": "Golang Go \u003c1.21.4",
                  "product_id": "T030991",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:golang:go:1.21.4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Go"
          }
        ],
        "category": "vendor",
        "name": "Golang"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "REST \u003c1.0.0.301-amd64",
                "product": {
                  "name": "IBM DB2 REST \u003c1.0.0.301-amd64",
                  "product_id": "T034919",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:db2:1.0.0.301-amd64::rest"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "DB2"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-45283",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Golang Go aufgrund einer Pfad\u00fcberquerung, die zu diesem Zeitpunkt noch nicht im Detail beschrieben und ver\u00f6ffentlicht wurde. Ein Angreifer kann diese Schwachstelle ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "398363",
          "T034919"
        ]
      },
      "release_date": "2023-11-07T23:00:00Z",
      "title": "CVE-2023-45283"
    },
    {
      "cve": "CVE-2023-45284",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Golang Go IsLokal Funktion, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurde. Ein Angreifer kann diese Schwachstelle ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "398363",
          "T034919"
        ]
      },
      "release_date": "2023-11-07T23:00:00Z",
      "title": "CVE-2023-45284"
    }
  ]
}

wid-sec-w-2023-3038

Vulnerability from csaf_certbund

Published

2023-11-30 23:00

Modified

2024-05-30 22:00

Summary

Golang Go: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Go ist eine quelloffene Programmiersprache.

Angriff

Ein Angreifer kann mehrere Schwachstellen in Golang Go ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux - MacOS X - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Go ist eine quelloffene Programmiersprache.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Golang Go ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-3038 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3038.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-3038 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3038"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1078 vom 2024-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2024:1078"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12190 vom 2024-03-04",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12190.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12191 vom 2024-03-04",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12191.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4708-1 vom 2023-12-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017307.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:0530 vom 2024-01-25",
        "url": "https://access.redhat.com/errata/RHSA-2024:0530"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2024-1903 vom 2024-01-09",
        "url": "https://alas.aws.amazon.com/ALAS-2024-1903.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1149 vom 2024-03-06",
        "url": "https://access.redhat.com/errata/RHSA-2024:1149"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASDOCKER-2024-039 vom 2024-03-06",
        "url": "https://alas.aws.amazon.com/AL2/ALASDOCKER-2024-039.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASNITRO-ENCLAVES-2024-039 vom 2024-03-06",
        "url": "https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2024-039.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1131 vom 2024-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2024:1131"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASECS-2024-035 vom 2024-03-06",
        "url": "https://alas.aws.amazon.com/AL2/ALASECS-2024-035.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7129944 vom 2024-03-06",
        "url": "https://www.ibm.com/support/pages/node/7129944"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2024-2388 vom 2024-01-10",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2388.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1244 vom 2024-03-11",
        "url": "https://access.redhat.com/errata/RHSA-2024:1244"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:7198 vom 2024-02-28",
        "url": "https://access.redhat.com/errata/RHSA-2023:7198"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:0269 vom 2024-02-28",
        "url": "https://access.redhat.com/errata/RHSA-2024:0269"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:7200 vom 2024-02-28",
        "url": "https://access.redhat.com/errata/RHSA-2023:7200"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6574-1 vom 2024-01-11",
        "url": "https://ubuntu.com/security/notices/USN-6574-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4709-1 vom 2023-12-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017389.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:0843 vom 2024-02-15",
        "url": "https://access.redhat.com/errata/RHSA-2024:0843"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-193547DEF8 vom 2024-01-16",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-193547def8"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1041 vom 2024-02-29",
        "url": "https://access.redhat.com/errata/RHSA-2024:1041"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4931-1 vom 2023-12-20",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017503.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4930-1 vom 2023-12-20",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017504.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:0281 vom 2024-03-06",
        "url": "https://access.redhat.com/errata/RHSA-2024:0281"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2024-9B53B79398 vom 2024-03-06",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-9b53b79398"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2024-2446 vom 2024-02-06",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2446.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:0880 vom 2024-02-20",
        "url": "https://access.redhat.com/errata/RHSA-2024:0880"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:0887 vom 2024-02-20",
        "url": "https://access.redhat.com/errata/RHSA-2024:0887"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-1149 vom 2024-03-07",
        "url": "https://linux.oracle.com/errata/ELSA-2024-1149.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-1131 vom 2024-03-07",
        "url": "http://linux.oracle.com/errata/ELSA-2024-1131.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:0694 vom 2024-02-07",
        "url": "https://access.redhat.com/errata/RHSA-2024:0694"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:0695 vom 2024-02-07",
        "url": "https://access.redhat.com/errata/RHSA-2024:0695"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:0728 vom 2024-02-08",
        "url": "https://access.redhat.com/errata/RHSA-2024:0728"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:0748 vom 2024-02-08",
        "url": "https://access.redhat.com/errata/RHSA-2024:0748"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-0887 vom 2024-02-23",
        "url": "https://linux.oracle.com/errata/ELSA-2024-0887.html"
      },
      {
        "category": "external",
        "summary": "Go 1.21.5 and Go 1.20.12 pre-announcement vom 2023-11-30",
        "url": "https://groups.google.com/g/golang-announce/c/TABUsV4-FiU"
      },
      {
        "category": "external",
        "summary": "Github Golang/Go vom 2023-11-30",
        "url": "https://github.com/golang/go/issues/64433"
      },
      {
        "category": "external",
        "summary": "Security fixes in Go 1.21.5 and Go 1.20.12 releases vom 2023-12-05",
        "url": "https://groups.google.com/g/golang-announce/c/iLGK3x6yuNo?pli=1"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1433 vom 2024-03-20",
        "url": "https://access.redhat.com/errata/RHSA-2024:1433"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12225 vom 2024-03-19",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12225.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1434 vom 2024-03-20",
        "url": "https://access.redhat.com/errata/RHSA-2024:1434"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12226 vom 2024-03-20",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12226.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7145581 vom 2024-04-01",
        "url": "https://www.ibm.com/support/pages/node/7145581"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1640 vom 2024-04-02",
        "url": "https://access.redhat.com/errata/RHSA-2024:1640"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12263 vom 2024-04-03",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12263.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12261 vom 2024-04-03",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12261.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12262 vom 2024-04-03",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12262.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12264 vom 2024-04-03",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12264.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1812 vom 2024-04-15",
        "url": "https://access.redhat.com/errata/RHSA-2024:1812"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1859 vom 2024-04-16",
        "url": "https://access.redhat.com/errata/RHSA-2024:1859"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12328 vom 2024-04-17",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12328.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12329 vom 2024-04-17",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12329.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1901 vom 2024-04-18",
        "url": "https://access.redhat.com/errata/RHSA-2024:1901"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1896 vom 2024-04-25",
        "url": "https://access.redhat.com/errata/RHSA-2024:1896"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-2084 vom 2024-04-30",
        "url": "https://linux.oracle.com/errata/ELSA-2024-2084.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2160 vom 2024-04-30",
        "url": "https://access.redhat.com/errata/RHSA-2024:2160"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2193 vom 2024-04-30",
        "url": "https://access.redhat.com/errata/RHSA-2024:2193"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2024-2543 vom 2024-05-15",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2543.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7154430 vom 2024-05-20",
        "url": "https://www.ibm.com/support/pages/node/7154430"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2988 vom 2024-05-22",
        "url": "https://access.redhat.com/errata/RHSA-2024:2988"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-2988 vom 2024-05-28",
        "url": "https://linux.oracle.com/errata/ELSA-2024-2988.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3467 vom 2024-05-29",
        "url": "https://access.redhat.com/errata/RHSA-2024:3467"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3479 vom 2024-05-29",
        "url": "https://access.redhat.com/errata/RHSA-2024:3479"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2728 vom 2024-05-29",
        "url": "https://access.redhat.com/errata/RHSA-2024:2728"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2024-2556 vom 2024-05-30",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2556.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Golang Go: Mehrere Schwachstellen erm\u00f6glichen nicht spezifizierten Angriff",
    "tracking": {
      "current_release_date": "2024-05-30T22:00:00.000+00:00",
      "generator": {
        "date": "2024-05-31T09:36:19.655+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2023-3038",
      "initial_release_date": "2023-11-30T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-11-30T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-12-05T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates aufgenommen, Beschreibung erg\u00e4nzt"
        },
        {
          "date": "2023-12-11T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-12-14T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-12-20T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-01-08T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2024-01-09T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2024-01-10T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-01-15T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2024-01-25T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-02-05T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2024-02-07T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-02-08T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-02-15T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-02-20T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-02-22T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-02-27T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-02-28T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-03-04T23:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2024-03-05T23:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Red Hat und Amazon aufgenommen"
        },
        {
          "date": "2024-03-06T23:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Red Hat und Fedora aufgenommen"
        },
        {
          "date": "2024-03-07T23:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-03-11T23:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-03-19T23:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2024-03-20T23:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-04-01T22:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
        },
        {
          "date": "2024-04-02T22:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2024-04-14T22:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-04-16T22:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-04-17T22:00:00.000+00:00",
          "number": "30",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-04-25T22:00:00.000+00:00",
          "number": "31",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-04-29T22:00:00.000+00:00",
          "number": "32",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-05-15T22:00:00.000+00:00",
          "number": "33",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2024-05-20T22:00:00.000+00:00",
          "number": "34",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-05-21T22:00:00.000+00:00",
          "number": "35",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-05-28T22:00:00.000+00:00",
          "number": "36",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-05-30T22:00:00.000+00:00",
          "number": "37",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "37"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.21.5",
                "product": {
                  "name": "Golang Go \u003c1.21.5",
                  "product_id": "T031433",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:golang:go:1.21.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.20.12",
                "product": {
                  "name": "Golang Go \u003c1.20.12",
                  "product_id": "T031434",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:golang:go:1.20.12"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Go"
          }
        ],
        "category": "vendor",
        "name": "Golang"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM App Connect Enterprise",
            "product": {
              "name": "IBM App Connect Enterprise",
              "product_id": "T032495",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:app_connect_enterprise:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "REST \u003c1.0.0.301-amd64",
                "product": {
                  "name": "IBM DB2 REST \u003c1.0.0.301-amd64",
                  "product_id": "T034919",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:db2:1.0.0.301-amd64::rest"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "DB2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.5.4",
                "product": {
                  "name": "IBM DataPower Gateway \u003c10.5.4",
                  "product_id": "T033810",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:datapower_gateway:10.5.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.5.0.10",
                "product": {
                  "name": "IBM DataPower Gateway \u003c10.5.0.10",
                  "product_id": "T033811",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:datapower_gateway:10.5.0.10"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.0.1.18",
                "product": {
                  "name": "IBM DataPower Gateway \u003c10.0.1.18",
                  "product_id": "T033812",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:datapower_gateway:10.0.1.18"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "DataPower Gateway"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.4",
                "product": {
                  "name": "Red Hat Ansible Automation Platform 2.4",
                  "product_id": "1496312",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Ansible Automation Platform"
          },
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Secondary Scheduler Operator",
                "product": {
                  "name": "Red Hat OpenShift Secondary Scheduler Operator",
                  "product_id": "T027759",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:::secondary_scheduler_operator"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Logging Subsystem \u003c5.8.3",
                "product": {
                  "name": "Red Hat OpenShift Logging Subsystem \u003c5.8.3",
                  "product_id": "T032604",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:logging_subsystem__5.8.3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenShift"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-39326",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Golang Go, aufgrund unvollst\u00e4ndiger Eingabepr\u00fcfungen und weil git auf unsichere Protokolle zur\u00fcckfallen kann. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033810",
          "67646",
          "T032604",
          "T033811",
          "T033812",
          "T004914",
          "74185",
          "T032495",
          "T002207",
          "T027759",
          "T000126",
          "398363",
          "1496312",
          "T034919"
        ]
      },
      "release_date": "2023-11-30T23:00:00Z",
      "title": "CVE-2023-39326"
    },
    {
      "cve": "CVE-2023-45283",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Golang Go, aufgrund unvollst\u00e4ndiger Eingabepr\u00fcfungen und weil git auf unsichere Protokolle zur\u00fcckfallen kann. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033810",
          "67646",
          "T032604",
          "T033811",
          "T033812",
          "T004914",
          "74185",
          "T032495",
          "T002207",
          "T027759",
          "T000126",
          "398363",
          "1496312",
          "T034919"
        ]
      },
      "release_date": "2023-11-30T23:00:00Z",
      "title": "CVE-2023-45283"
    },
    {
      "cve": "CVE-2023-45285",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Golang Go, aufgrund unvollst\u00e4ndiger Eingabepr\u00fcfungen und weil git auf unsichere Protokolle zur\u00fcckfallen kann. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033810",
          "67646",
          "T032604",
          "T033811",
          "T033812",
          "T004914",
          "74185",
          "T032495",
          "T002207",
          "T027759",
          "T000126",
          "398363",
          "1496312",
          "T034919"
        ]
      },
      "release_date": "2023-11-30T23:00:00Z",
      "title": "CVE-2023-45285"
    }
  ]
}

cve-2023-45283

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature

Action not permitted

cve-2023-45283

Vulnerability from cvelistv5

gsd-2023-45283

Vulnerability from gsd

ghsa-vvjp-q62m-2vph

Vulnerability from github

wid-sec-w-2023-2856

Vulnerability from csaf_certbund

wid-sec-w-2023-3038

Vulnerability from csaf_certbund

Tags

Sightings

Nomenclature