| id: GO-2020-0007 |
| modules: |
| - module: github.com/seccomp/libseccomp-golang |
| versions: |
| - fixed: 0.9.1-0.20170424173420-06e7a29f36a3 |
| vulnerable_at: 0.9.1-0.20170424173400-fc0298087f32 |
| packages: |
| - package: github.com/seccomp/libseccomp-golang |
| symbols: |
| - ScmpFilter.addRuleGeneric |
| derived_symbols: |
| - ScmpFilter.AddRule |
| - ScmpFilter.AddRuleConditional |
| - ScmpFilter.AddRuleConditionalExact |
| - ScmpFilter.AddRuleExact |
| summary: Improper input validation in github.com/seccomp/libseccomp-golang |
| description: |- |
| Filters containing rules with multiple syscall arguments are improperly |
| constructed, such that all arguments are required to match rather than any of |
| the arguments (AND is used rather than OR). These filters can be bypassed by |
| only specifying a subset of the arguments due to this behavior. |
| published: 2021-04-14T20:04:52Z |
| cves: |
| - CVE-2017-18367 |
| ghsas: |
| - GHSA-58v3-j75h-xr49 |
| credits: |
| - '@ihac' |
| references: |
| - fix: https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e |
| review_status: REVIEWED |