Lucene search
GoCVELIST:CVE-2022-41716HistoryNov 02, 2022 - 3:28 p.m.
CVE-2022-41716 Unsanitized NUL in environment variables on Windows in syscall and os/exec
2022-11-0215:28:19
Go
www.cve.org
cve-2022-41716
windows
environment variables
syscall
os/exec
malicious attack
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string โA=B\x00C=Dโ sets the variables โA=Bโ and โC=Dโ.
CNA Affected
[
{
"vendor": "Go standard library",
"product": "syscall",
"collectionURL": "https://pkg.go.dev",
"packageName": "syscall",
"versions": [
{
"version": "0",
"lessThan": "1.18.8",
"status": "affected",
"versionType": "semver"
},
{
"version": "1.19.0-0",
"lessThan": "1.19.3",
"status": "affected",
"versionType": "semver"
}
],
"platforms": [
"windows"
],
"programRoutines": [
{
"name": "StartProcess"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "Go standard library",
"product": "os/exec",
"collectionURL": "https://pkg.go.dev",
"packageName": "os/exec",
"versions": [
{
"version": "0",
"lessThan": "1.18.8",
"status": "affected",
"versionType": "semver"
},
{
"version": "1.19.0-0",
"lessThan": "1.19.3",
"status": "affected",
"versionType": "semver"
}
],
"platforms": [
"windows"
],
"programRoutines": [
{
"name": "Cmd.environ"
},
{
"name": "dedupEnv"
},
{
"name": "dedupEnvCase"
},
{
"name": "Cmd.CombinedOutput"
},
{
"name": "Cmd.Environ"
},
{
"name": "Cmd.Output"
},
{
"name": "Cmd.Run"
},
{
"name": "Cmd.Start"
}
],
"defaultStatus": "unaffected"
}
]Related
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:4054-1)
2022-11-18 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:4055-1)
2022-11-18 00:00:00
Mageia: Security Advisory (MGASA-2022-0444)
2022-11-28 00:00:00
mageia
mageia
Updated golang packages fix security vulnerability
2022-11-27 23:51:49
ibm
ibm
nvd
nvd
CVE-2022-41716
2022-11-02 16:15:11
alpinelinux
alpinelinux
CVE-2022-41716
2022-11-02 16:15:11
nessus
nessus
SUSE SLED15 / SLES15 Security Update : go1.19 (SUSE-SU-2022:4054-1)
2022-11-19 00:00:00
FreeBSD : go -- syscall, os/exec: unsanitized NUL in environment variables (26b1100a-5a27-11ed-abfe-29ac76ec31b5)
2022-11-02 00:00:00
SUSE SLED15 / SLES15 Security Update : go1.18 (SUSE-SU-2022:4055-1)
2022-11-19 00:00:00
freebsd
freebsd
go -- syscall, os/exec: unsanitized NUL in environment variables
2022-10-17 00:00:00
osv
osv
BIT-golang-2022-41716
2024-03-06 10:58:28
CVE-2022-41716
2022-11-02 16:15:11
Unsanitized NUL in environment variables on Windows in syscall and os/exec
2022-11-01 23:55:57
ubuntucve
ubuntucve
CVE-2022-41716
2022-11-02 00:00:00
cve
cve
CVE-2022-41716
2022-11-02 16:15:11
photon
photon
Important Photon OS Security Update - PHSA-2022-0282
2022-11-15 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0282
2022-11-15 00:00:00
Important Photon OS Security Update - PHSA-2022-0541
2022-11-15 00:00:00
debiancve
debiancve
CVE-2022-41716
2022-11-02 16:15:11
veracode
veracode
Privilege Escalation
2022-11-03 01:43:24
prion
prion
Code injection
2022-11-02 16:15:00
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.19.3-alt1
2022-11-03 00:00:00
oraclelinux
oraclelinux
ol8addon security update
2023-03-07 00:00:00
ol8addon security update
2022-11-23 00:00:00