blob: 80bf0c55225c23306c73b6eee9c76fd840eda680 [file] [log] [blame]
id: GO-2020-0007
modules:
- module: github.com/seccomp/libseccomp-golang
versions:
- fixed: 0.9.1-0.20170424173420-06e7a29f36a3
vulnerable_at: 0.9.1-0.20170424173400-fc0298087f32
packages:
- package: github.com/seccomp/libseccomp-golang
symbols:
- ScmpFilter.addRuleGeneric
derived_symbols:
- ScmpFilter.AddRule
- ScmpFilter.AddRuleConditional
- ScmpFilter.AddRuleConditionalExact
- ScmpFilter.AddRuleExact
summary: Improper input validation in github.com/seccomp/libseccomp-golang
description: |-
Filters containing rules with multiple syscall arguments are improperly
constructed, such that all arguments are required to match rather than any of
the arguments (AND is used rather than OR). These filters can be bypassed by
only specifying a subset of the arguments due to this behavior.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2017-18367
ghsas:
- GHSA-58v3-j75h-xr49
credits:
- '@ihac'
references:
- fix: https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e
review_status: REVIEWED