CVE-2022-41716

Unsanitized NUL in environment variables on Windows in syscall and os/exec

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" sets the variables "A=B" and "C=D".

Debido a valores NUL no sanitizados, los atacantes pueden configurar variables de entorno de forma maliciosa en Windows. En syscall.StartProcess y os/exec.Cmd, los valores de variables de entorno no válidos que contienen valores NUL no se verifican correctamente. Un valor de variable de entorno malicioso puede aprovechar este comportamiento para establecer un valor para una variable de entorno diferente. Por ejemplo, la cadena de variable de entorno "A=B\x00C=D" establece las variables "A=B" y "C=D".

*Credits: RyotaK (https://twitter.com/ryotkak)

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2022-09-28 CVE Reserved
2022-11-02 CVE Published
2024-05-25 EPSS Updated
2024-10-30 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (4)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://go.dev/cl/446916	2023-11-07
https://go.dev/issue/56284	2023-11-07
https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ	2023-11-07

URL	Date	SRC
https://pkg.go.dev/vuln/GO-2022-1095	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Golang Search vendor "Golang"	Go Search vendor "Golang" for product "Go"	< 1.18.8 Search vendor "Golang" for product "Go" and version " < 1.18.8"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Golang Search vendor "Golang"	Go Search vendor "Golang" for product "Go"	>= 1.19.0 < 1.19.3 Search vendor "Golang" for product "Go" and version " >= 1.19.0 < 1.19.3"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe