| { |
| "schema_version": "1.3.1", |
| "id": "GO-2020-0007", |
| "modified": "0001-01-01T00:00:00Z", |
| "published": "2021-04-14T20:04:52Z", |
| "aliases": [ |
| "CVE-2017-18367", |
| "GHSA-58v3-j75h-xr49" |
| ], |
| "summary": "Improper input validation in github.com/seccomp/libseccomp-golang", |
| "details": "Filters containing rules with multiple syscall arguments are improperly constructed, such that all arguments are required to match rather than any of the arguments (AND is used rather than OR). These filters can be bypassed by only specifying a subset of the arguments due to this behavior.", |
| "affected": [ |
| { |
| "package": { |
| "name": "github.com/seccomp/libseccomp-golang", |
| "ecosystem": "Go" |
| }, |
| "ranges": [ |
| { |
| "type": "SEMVER", |
| "events": [ |
| { |
| "introduced": "0" |
| }, |
| { |
| "fixed": "0.9.1-0.20170424173420-06e7a29f36a3" |
| } |
| ] |
| } |
| ], |
| "ecosystem_specific": { |
| "imports": [ |
| { |
| "path": "github.com/seccomp/libseccomp-golang", |
| "symbols": [ |
| "ScmpFilter.AddRule", |
| "ScmpFilter.AddRuleConditional", |
| "ScmpFilter.AddRuleConditionalExact", |
| "ScmpFilter.AddRuleExact", |
| "ScmpFilter.addRuleGeneric" |
| ] |
| } |
| ] |
| } |
| } |
| ], |
| "references": [ |
| { |
| "type": "FIX", |
| "url": "https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e" |
| } |
| ], |
| "credits": [ |
| { |
| "name": "@ihac" |
| } |
| ], |
| "database_specific": { |
| "url": "https://pkg.go.dev/vuln/GO-2020-0007", |
| "review_status": "REVIEWED" |
| } |
| } |