FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

go -- syscall.Faccessat checks wrong group on Linux

Affected packages
go < 1.18.2,1
go117 < 1.17.10

Details

VuXML ID a1360138-d446-11ec-8ea1-10c37b4ac2ea
Discovery 2022-04-12
Entry 2022-05-15

The Go project reports:

When called with a non-zero flags parameter, the syscall.Faccessat function could incorrectly report that a file is accessible. This bug only occurs on Linux systems.

[source]

References

CVE Name CVE-2022-29526
URL https://github.com/golang/go/issues/52313
URL https://groups.google.com/g/golang-dev/c/CPU3TB6d4oY

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.