vulndb/data/osv/GO-2020-0007.json

{
  "id": "GO-2020-0007",
  "published": "2021-04-14T20:04:52Z",
  "modified": "0001-01-01T00:00:00Z",
  "aliases": [
    "CVE-2017-18367",
    "GHSA-58v3-j75h-xr49"
  ],
  "details": "Filters containing rules with multiple syscall arguments are improperly\nconstructed, such that all arguments are required to match rather than\nany of the arguments (AND is used rather than OR). These filters can be\nbypassed by only specifying a subset of the arguments due to this\nbehavior.\n",
  "affected": [
    {
      "package": {
        "name": "github.com/seccomp/libseccomp-golang",
        "ecosystem": "Go"
      },
      "ranges": [
        {
          "type": "SEMVER",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.9.1-0.20170424173420-06e7a29f36a3"
            }
          ]
        }
      ],
      "database_specific": {
        "url": "https://pkg.go.dev/vuln/GO-2020-0007"
      },
      "ecosystem_specific": {
        "imports": [
          {
            "path": "github.com/seccomp/libseccomp-golang",
            "symbols": [
              "ScmpFilter.AddRule",
              "ScmpFilter.AddRuleConditional",
              "ScmpFilter.AddRuleConditionalExact",
              "ScmpFilter.AddRuleExact",
              "ScmpFilter.addRuleGeneric"
            ]
          }
        ]
      }
    }
  ],
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e"
    }
  ]
}
data/osv: add OSV entries for all reports Create data/osv, containing the OSV version for all reports. This directory will be used as the source for database generation in the future. Set creation times on all existing reports; future reports will take the creation time from the OSV entry history. Change-Id: Ibe0f3a9fc76c0d4afee8102d6a0fd35c7641e97d Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/430682 Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> 2022-09-14 01:40:34 +03:00			`{`
			`"id": "GO-2020-0007",`
			`"published": "2021-04-14T20:04:52Z",`
			`"modified": "0001-01-01T00:00:00Z",`
			`"aliases": [`
			`"CVE-2017-18367",`
			`"GHSA-58v3-j75h-xr49"`
			`],`
			`"details": "Filters containing rules with multiple syscall arguments are improperly\nconstructed, such that all arguments are required to match rather than\nany of the arguments (AND is used rather than OR). These filters can be\nbypassed by only specifying a subset of the arguments due to this\nbehavior.\n",`
			`"affected": [`
			`{`
			`"package": {`
			`"name": "github.com/seccomp/libseccomp-golang",`
			`"ecosystem": "Go"`
			`},`
			`"ranges": [`
			`{`
			`"type": "SEMVER",`
			`"events": [`
			`{`
			`"introduced": "0"`
			`},`
			`{`
			`"fixed": "0.9.1-0.20170424173420-06e7a29f36a3"`
			`}`
			`]`
			`}`
			`],`
			`"database_specific": {`
			`"url": "https://pkg.go.dev/vuln/GO-2020-0007"`
			`},`
			`"ecosystem_specific": {`
			`"imports": [`
			`{`
			`"path": "github.com/seccomp/libseccomp-golang",`
			`"symbols": [`
			`"ScmpFilter.AddRule",`
			`"ScmpFilter.AddRuleConditional",`
			`"ScmpFilter.AddRuleConditionalExact",`
			`"ScmpFilter.AddRuleExact",`
			`"ScmpFilter.addRuleGeneric"`
			`]`
			`}`
			`]`
			`}`
			`}`
			`],`
			`"references": [`
			`{`
			`"type": "FIX",`
			`"url": "https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e"`
			`}`
			`]`
			`}`