Lucene search
GoogleOSV:GO-2022-0532HistoryJul 26, 2022 - 9:41 p.m.
Empty Cmd.Path can trigger unintended binary in os/exec on Windows
2022-07-2621:41:20
Google
osv.dev
28
windows
cmd.path
unintended execution
binary
os/exec
security
software
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.7
Confidence
High
EPSS
0
Percentile
14.2%
On Windows, executing Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset will unintentionally trigger execution of any binaries in the working directory named either “…com” or “…exe”.
Related
nvd
nvd
CVE-2022-30580
2022-08-10 20:15:40
osv
osv
BIT-golang-2022-30580
2024-03-06 11:00:32
CVE-2022-30580
2022-08-10 20:15:40
go1.18-1.18.3-1.1 on GA media
2024-06-15 00:00:00
prion
prion
Code injection
2022-08-10 20:15:00
cbl_mariner
cbl_mariner
CVE-2022-30580 affecting package golang for versions less than 1.18.5-1
2022-09-16 06:05:39
CVE-2022-30580 affecting package golang 1.18.3-1
2022-09-17 05:56:44
cve
cve
CVE-2022-30580
2022-08-10 20:15:40
veracode
veracode
Injection Vulnerability
2022-07-26 00:31:08
alpinelinux
alpinelinux
CVE-2022-30580
2022-08-10 20:15:40
redhatcve
redhatcve
CVE-2022-30580
2022-08-16 09:38:32
debiancve
debiancve
CVE-2022-30580
2022-08-10 20:15:40
ubuntucve
ubuntucve
CVE-2022-30580
2022-08-10 00:00:00
cvelist
cvelist
openvas
openvas
openSUSE: Security Advisory for go1.18 (SUSE-SU-2022:2005-1)
2022-06-08 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:2005-1)
2022-06-08 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:2004-1)
2022-06-08 00:00:00
ibm
ibm
nessus
nessus
SUSE SLED15 / SLES15 Security Update : go1.18 (SUSE-SU-2022:2005-1)
2022-06-08 00:00:00
SUSE SLED15 / SLES15 Security Update : go1.17 (SUSE-SU-2022:2004-1)
2022-06-08 00:00:00
Oracle Linux 8 : ol8addon (ELSA-2022-17957)
2022-07-12 00:00:00
suse
suse
Security update for go1.18 (important)
2022-06-07 00:00:00
Security update for go1.17 (important)
2022-06-07 00:00:00
oraclelinux
oraclelinux
ol8addon security update
2022-07-12 00:00:00
go-toolset:ol8addon security update
2022-07-12 00:00:00
freebsd
freebsd
go -- multiple vulnerabilities
2022-06-01 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.17.11-alt1.p10
2022-06-14 00:00:00
Security fix for the ALT Linux 10 package golang version 1.18.3-alt1
2022-06-12 00:00:00
amazon
amazon
Important: golang
2023-04-13 19:01:00
Important: golang
2023-04-13 19:28:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0242
2022-09-07 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0242
2022-09-07 00:00:00
Critical Photon OS Security Update - PHSA-2022-0512
2022-09-06 00:00:00
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.7
Confidence
High
EPSS
0
Percentile
14.2%
Related for OSV:GO-2022-0532