virus logo FortiClient Vulnerability

Golang syscall.StartProcess Injection Vulnerability

description-logoDescription

Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string //'A=B\x00C=D' sets the variables 'A=B' and 'C=D'.

affected-products-logoAffected Applications

Go Programming Language

CVE References

CVE-2022-41716

Other References

https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ
ID 4572
Created Nov 09, 2022
Description
Updated		 Jul 31, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Windows
Vendor Golang
Patch manual
Application Go Programming Language