FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
26b1100a-5a27-11ed-abfe-29ac76ec31b5	go -- syscall, os/exec: unsanitized NUL in environment variables The Go project reports: syscall, os/exec: unsanitized NUL in environment variables On Windows, syscall.StartProcess and os/exec.Cmd did not properly check for invalid environment variable values. A malicious environment variable value could exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" set the variables "A=B" and "C=D". Discovery 2022-10-17 Entry 2022-11-01 go118 < 1.18.8 go119 < 1.19.3 CVE-2022-41716 https://groups.google.com/g/golang-dev/c/83nKqv2W1Dk/m/gEJdD5vjDwAJ

VuXML ID

Description

26b1100a-5a27-11ed-abfe-29ac76ec31b5

go -- syscall, os/exec: unsanitized NUL in environment variables

The Go project reports:

syscall, os/exec: unsanitized NUL in environment variables

On Windows, syscall.StartProcess and os/exec.Cmd did not properly check for invalid environment variable values. A malicious environment variable value could exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" set the variables "A=B" and "C=D".

Discovery 2022-10-17
Entry 2022-11-01
go118

< 1.18.8

go119

< 1.19.3

CVE-2022-41716
https://groups.google.com/g/golang-dev/c/83nKqv2W1Dk/m/gEJdD5vjDwAJ