CVE-2023-45284 Vulnerability Details

  /     /     /  

CVE-2023-45284 Metadata Quick Info

CVE Published: 09/11/2023 | CVE Updated: 03/09/2024 | CVE Year: 2023
Source: Go | Vendor: Go standard library | Product: path/filepath
Status : PUBLISHED

---

CVE-2023-45284 Description

On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: CWE-41: Improper Resolution of Path Equivalence
Source: Go standard library

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).