Vulnerability Report: GO-2022-0493
standard library- CVE-2022-29526, GHSA-p782-xgp4-8hr8
- Affects: syscall, golang.org/x/sys
- Published: Jul 15, 2022
- Modified: May 20, 2024
When called with a non-zero flags parameter, the Faccessat function can incorrectly report that a file is accessible.
Affected Packages
-
PathGo VersionsSymbols
-
before go1.17.10, from go1.18.0-0 before go1.18.2
-
before v0.0.0-20220412211240-33da011f77ad
Aliases
References
- https://go.dev/cl/399539
- https://go.dev/issue/52313
- https://go.dev/cl/400074
- https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU
- https://vuln.go.dev/ID/GO-2022-0493.json
Credits
- Joël Gähwiler (@256dpi)
Feedback
See anything missing or incorrect?
Suggest an edit to this report.