Severity |
|
Remote |
|
Type |
- |
Unknown |
+ |
Incorrect calculation |
|
Description |
+ |
A security issue has been found in go before version 1.17.5. When a Go program running on a Unix system is out of file descriptors and calls syscall.ForkExec (including indirectly by using the os/exec package), syscall.ForkExec can close file descriptor 0 as it fails. If this happens (or can be provoked) repeatedly, it can result in misdirected I/O such as writing network traffic intended for one connection to a different connection, or content intended for one file to a different one. |
|
References |
+ |
https://groups.google.com/g/golang-announce/c/hcmEScgc00k |
+ |
https://github.com/golang/go/issues/50057 |
+ |
https://github.com/golang/go/commit/e46abcb816fb20663483f84fe52e370790a99bee |
|
Notes |
+ |
Workaround |
+ |
========== |
+ |
|
+ |
The issue can be mitigated by raising the per-process file descriptor limit. |
|
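The workaround from the Notes, applied from inside a Go program at startup. This is an added example, not code from the advisory or the Go project. `beforeFixed` and `raiseNoFile` are hypothetical helper names, and the version check follows only the "before version 1.17.5" wording above.

```go
package main

import (
	"fmt"
	"runtime"
	"syscall"
)

// beforeFixed reports whether a runtime.Version() string such as "go1.17.4"
// is older than 1.17.5, the fixed release in the advisory. Unparseable strings
// (development builds) return false. Assumption: backported fixes are ignored.
func beforeFixed(version string) bool {
	var v [3]int // a missing patch component stays 0, so "go1.17" is 1.17.0
	if n, _ := fmt.Sscanf(version, "go%d.%d.%d", &v[0], &v[1], &v[2]); n < 2 {
		return false
	}
	for i, want := range [3]int{1, 17, 5} {
		if v[i] != want {
			return v[i] < want
		}
	}
	return false
}

// raiseNoFile applies the workaround: it lifts the soft RLIMIT_NOFILE to the
// hard limit and returns the soft limit before and after the change.
func raiseNoFile() (before, after uint64, err error) {
	var lim syscall.Rlimit
	if err = syscall.Getrlimit(syscall.RLIMIT_NOFILE, &lim); err != nil {
		return 0, 0, err
	}
	before = uint64(lim.Cur)
	if lim.Cur < lim.Max {
		lim.Cur = lim.Max
		if err = syscall.Setrlimit(syscall.RLIMIT_NOFILE, &lim); err != nil {
			return before, before, err
		}
	}
	return before, uint64(lim.Cur), nil
}

func main() {
	before, after, err := raiseNoFile()
	if err != nil {
		fmt.Println("could not raise RLIMIT_NOFILE:", err)
	}
	fmt.Printf("soft fd limit %d -> %d; runtime %s before 1.17.5: %v\n", before, after, runtime.Version(), beforeFixed(runtime.Version()))
}
```

A higher limit only makes descriptor exhaustion less likely; upgrading to the fixed release removes the faulty close of file descriptor 0.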