blob: b9e6d8a0df38b54fbbba300ba20d5cd76495664f [file] [log] [blame]
id: GO-2022-0493
modules:
- module: std
versions:
- fixed: 1.17.10
- introduced: 1.18.0-0
- fixed: 1.18.2
vulnerable_at: 1.18.1
packages:
- package: syscall
symbols:
- Faccessat
- module: golang.org/x/sys
versions:
- fixed: 0.0.0-20220412211240-33da011f77ad
vulnerable_at: 0.0.0-20220412071739-889880a91fd5
packages:
- package: golang.org/x/sys/unix
symbols:
- Faccessat
excluded_symbols:
- Access
summary: Incorrect privilege reporting in syscall and golang.org/x/sys/unix
description: |-
When called with a non-zero flags parameter, the Faccessat function can
incorrectly report that a file is accessible.
published: 2022-07-15T23:30:12Z
cves:
- CVE-2022-29526
ghsas:
- GHSA-p782-xgp4-8hr8
credits:
- Joël Gähwiler (@256dpi)
references:
- fix: https://go.dev/cl/399539
- report: https://go.dev/issue/52313
- fix: https://go.dev/cl/400074
- web: https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU
review_status: REVIEWED