Skip to main content

CVE-2023-29403

CVE Details

Visit the official vulnerability details page for CVE-2023-29403 to learn more.

Initial Publication

10/25/2024

Last Update

10/25/2024

Third Party Dependency

go

NIST CVE Summary

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.

CVE Severity

7.8

Our Official Summary

This CVE is non impacting as the impacting symbol and/or function is not used in the product.

Status

Ongoing

Affected Products & Versions

VersionPalette EnterprisePalette Enterprise AirgapVerteXVerteX Airgap
4.5.11ImpactedImpactedImpactedImpacted
4.5.10ImpactedImpactedImpactedImpacted
4.5.8ImpactedImpactedImpactedImpacted
4.5.5ImpactedImpactedImpactedImpacted
4.5.4ImpactedImpactedImpactedImpacted
4.4.20ImpactedImpactedImpactedImpacted

Revision History

DateRevision
11/30/2024Advisory is now impacting.
11/15/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11
11/15/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10
11/13/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8 to 4.5.4, 4.5.5, 4.5.8, 4.4.20
11/10/2024Impacted versions changed from 4.5.4, 4.5.5 to 4.5.4, 4.5.5, 4.5.8
10/27/2024Impacted versions changed from 4.5.4 to 4.5.4, 4.5.5