Approved changes feed: RSS · Atom
cpe:2.3:a:go_standard_library:runtime:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Go Standard Library (50bc78d3-15d0-59a4-bc22-a964570e0614) |
|---|---|
| Product | Runtime (5f52eeb2-5153-52bd-b842-6052cb8bdad0) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-29403 |
vulnerable | 2026-06-03 14:51:40.879677 |
Unsafe behavior in setuid/setgid binaries in runtime
On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.
Published: 2023-06-08T20:19:13.222Z
Updated: 2025-02-13T16:49:14.029Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.