On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 2 - Docker Extra | containerd | 2023-08-17 17:04 | ALAS2DOCKER-2023-029 |
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra | containerd | 2023-08-03 19:42 | ALAS2NITRO-ENCLAVES-2023-026 |
Amazon Linux 2023 | containerd | 2023-08-17 11:20 | ALAS2023-2023-312 |
Amazon Linux 1 | golang | 2023-09-27 22:15 | ALAS-2023-1848 |
Amazon Linux 2 - Core | golang | 2023-07-20 17:29 | ALAS2-2023-2163 |
Amazon Linux 2 - Golang1.19 Extra | golang | 2023-08-07 05:59 | ALAS2GOLANG1.19-2023-001 |
Amazon Linux 2023 | golang | 2023-07-19 21:24 | ALAS2023-2023-269 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 8.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
NVD | CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |