🛡️ CVE-2023-29403
🟠 CVSS 8.0 — High ✅ No Known Exploit CWE-668 NVD
8.0
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.

Details

Severity HIGH
CVSS Score 8.0
CVSS Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE CWE-668
Public Exploit ✅ No
Source NVD
Published 2023-06-08
Updated 2026-06-08
Modified 2025-01-06

Affected Packages

Software From version Fixed in
fedora
go 1.20.0 1.20.5
golang
stdlib

References

Similar Threats

Free Vulnerability Check

Is your WordPress site affected?

BotEraser helps you identify potentially vulnerable plugins and themes by checking your installation against known CVE records.

Scan My Site Free →

No credit card required  ·  Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.