Go Runtime Setuid/setgid PrivEsc via I/O Descriptors
CVE-2023-29403 Published on June 8, 2023
Unsafe behavior in setuid/setgid binaries in runtime
On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.
Vulnerability Analysis
CVE-2023-29403 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Products Associated with CVE-2023-29403
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-29403 are published in these products:
Affected Versions
Go standard library runtime:- Before 1.19.10 is affected.
- Version 1.20.0-0 and below 1.20.5 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.