Go Standard Library Syscall vulnerabilities

CVE-2025-0913 [MEDIUM] CWE-59 CVE-2025-0913: os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the targe os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always r

CVE-2022-41716 [HIGH] CVE-2022-41716: Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Win Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For exam