data/reports: update GO-2022-0220.yaml
Remove symbols for runtime package.
Aliases: CVE-2019-9634
Updates golang/vulndb#220
Change-Id: Ia886ab9842646bcb647f7ad3ef963b0773775d04
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/569795
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
diff --git a/data/osv/GO-2022-0220.json b/data/osv/GO-2022-0220.json
index 14f1596..824dcad 100644
--- a/data/osv/GO-2022-0220.json
+++ b/data/osv/GO-2022-0220.json
@@ -39,11 +39,6 @@
"path": "runtime",
"goos": [
"windows"
- ],
- "symbols": [
- "loadOptionalSyscalls",
- "osinit",
- "syscall_loadsystemlibrary"
]
},
{
diff --git a/data/reports/GO-2022-0220.yaml b/data/reports/GO-2022-0220.yaml
index 375db80..c0c06a9 100644
--- a/data/reports/GO-2022-0220.yaml
+++ b/data/reports/GO-2022-0220.yaml
@@ -10,17 +10,11 @@
- package: runtime
goos:
- windows
- symbols:
- - loadOptionalSyscalls
- - osinit
- - syscall_loadsystemlibrary
- skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
- package: syscall
goos:
- windows
symbols:
- LoadDLL
- skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
summary: DLL injection on Windows in runtime and syscall
description: |-
Go on Windows misused certain LoadLibrary functionality, leading to DLL
