CVE-2022-30580
Name: CVE-2022-30580
Description: Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.
NVD Severity: medium
Other trackers: CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists: oss-security, full-disclosure, bugtraq
Exploits: Exploit DB, Metasploit
Forges: GitHub (code, issues), Aports (code, issues)
References
Type  URI
MISC  https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ
MISC  https://go.dev/cl/403759
MISC  https://go.googlesource.com/go/+/960ffa98ce73ef2c2060c84c7ac28d37a83f345e
MISC  https://pkg.go.dev/vuln/GO-2022-0532
MISC  https://go.dev/issue/52574
Match rules
CPE URI                               Source package  Min version  Max version
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*   go              >= 1.18.0    < 1.18.3
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*   go              >= None      < 1.17.11
Vulnerable and fixed packages
Source package  Branch  Version  Maintainer  Status