| modules: |
| - module: std |
| versions: |
| - fixed: 1.17.10 |
| - introduced: 1.18.0 |
| fixed: 1.18.2 |
| vulnerable_at: 1.18.1 |
| packages: |
| - package: syscall |
| symbols: |
| - Faccessat |
| - module: golang.org/x/sys |
| versions: |
| - fixed: 0.0.0-20220412211240-33da011f77ad |
| vulnerable_at: 0.0.0-20220412071739-889880a91fd5 |
| packages: |
| - package: golang.org/x/sys/unix |
| symbols: |
| - Faccessat |
| derived_symbols: |
| - Access |
| description: | |
| When called with a non-zero flags parameter, the Faccessat function |
| can incorrectly report that a file is accessible. |
| published: 2022-07-15T23:30:12Z |
| cves: |
| - CVE-2022-29526 |
| credit: Joël Gähwiler (@256dpi) |
| references: |
| - fix: https://go.dev/cl/399539 |
| - report: https://go.dev/issue/52313 |
| - fix: https://go.dev/cl/400074 |
| - web: https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU |