Vulnerability Report: GO-2023-2186

CVE-2023-45284
Affects: path/filepath
Published: Nov 08, 2023
Modified: May 20, 2024

On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.

Affected Packages

Path

Versions

Symbols
path/filepath

before go1.20.11, from go1.21.0-0 before go1.21.4
- IsLocal

Aliases

CVE-2023-45284

References

https://go.dev/issue/63713
https://go.dev/cl/540277
https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY
https://vuln.go.dev/ID/GO-2023-2186.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL