vulnerability
FreeBSD: VID-26B1100A-5A27-11ED-ABFE-29AC76EC31B5 (CVE-2022-41716): go -- syscall, os/exec: unsanitized NUL in environment variables
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:C/A:N) | 10/17/2022 | 11/04/2022 | 01/28/2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published
10/17/2022
Added
11/04/2022
Modified
01/28/2025
Description
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" sets the variables "A=B" and "C=D".
Solution(s)
freebsd-upgrade-package-go118freebsd-upgrade-package-go119
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.