Vulnerability Report: GO-2020-0027
- CVE-2018-6558, GHSA-qj26-7grj-whg3
- Affects: github.com/google/fscrypt
- Published: Apr 14, 2021
- Modified: Jun 12, 2023
After dropping and then elevating process privileges euid, guid, and groups are not properly restored to their original values, allowing an unprivileged user to gain membership in the root group.
Affected Packages
-
PathVersionsSymbols
-
before v0.2.4
-
before v0.2.4
5 affected symbols
Aliases
References
- https://github.com/google/fscrypt/commit/3022c1603d968c22f147b4a2c49c4637dd1be91b
- https://github.com/google/fscrypt/issues/77
- https://vuln.go.dev/ID/GO-2020-0027.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.