Vulnerability Report: GO-2020-0007

CVE-2017-18367, GHSA-58v3-j75h-xr49
Affects: github.com/seccomp/libseccomp-golang
Published: Apr 14, 2021
Modified: May 20, 2024

Filters containing rules with multiple syscall arguments are improperly constructed, such that all arguments are required to match rather than any of the arguments (AND is used rather than OR). These filters can be bypassed by only specifying a subset of the arguments due to this behavior.

Affected Packages

Path

Go Versions

Symbols
github.com/seccomp/libseccomp-golang

before v0.9.1-0.20170424173420-06e7a29f36a3

Aliases

CVE-2017-18367
GHSA-58v3-j75h-xr49

References

https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e
https://vuln.go.dev/ID/GO-2020-0007.json

Credits

@ihac

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL