GoogleOSV:CVE-2022-41716CVE-2022-41716
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
42.1%
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string โA=B\x00C=Dโ sets the variables โA=Bโ and โC=Dโ.
| CPE | Name | Operator | Version |
|---|---|---|---|
| go | eq | weekly.2011-11-01 | |
| go | eq | go1.10beta2 | |
| go | eq | weekly.2011-03-28 | |
| go | eq | weekly.2011-01-20 | |
| go | eq | weekly.2012-02-22 | |
| go | eq | weekly.2011-11-08 | |
| go | eq | go1.8beta2 | |
| golang-1.15 | eq | 1.15.9-6 | |
| go | eq | go1.3beta1 | |
| go | eq | go1.10beta1 |
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
42.1%