Skip to content

golang.org/x/sys/unix has Incorrect privilege reporting in syscall

Moderate severity GitHub Reviewed Published Jun 24, 2022 to the GitHub Advisory Database • Updated May 20, 2024

Package

gomod golang.org/x/sys (Go)

Affected versions

< 0.0.0-20220412211240-33da011f77ad

Patched versions

0.0.0-20220412211240-33da011f77ad

Description

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Reporting in syscall. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.

Specific Go Packages Affected

golang.org/x/sys/unix

References

Published by the National Vulnerability Database Jun 23, 2022
Published to the GitHub Advisory Database Jun 24, 2022
Reviewed Feb 8, 2023
Last updated May 20, 2024

Severity

Moderate
5.3
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Weaknesses

CVE ID

CVE-2022-29526

GHSA ID

GHSA-p782-xgp4-8hr8

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.