Lucene search

GoogleOSV:GO-2022-1095

HistoryNov 01, 2022 - 11:55 p.m.

Unsanitized NUL in environment variables on Windows in syscall and os/exec

2022-11-0123:55:57

Google

osv.dev

windows

environment variables

syscall

os/exec

security vulnerability

software

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.1%

JSON

Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows.

In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string “A=B\x00C=D” sets the variables “A=B” and “C=D”.

CPENameOperatorVersion
stdlibge1.19.0-0
stdliblt1.18.8
stdliblt1.19.3

Name	Operator	Version
stdlib	ge	1.19.0-0
stdlib	lt	1.18.8
stdlib	lt	1.19.3

References

go.dev/cl/446916

go.dev/issue/56284

groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.1%

JSON

Related for OSV:GO-2022-1095