cve 2023 29403

About this tag
CVE-2023-29403 is a privilege escalation vulnerability in the Go runtime affecting setuid binaries on Unix systems. When privileged Go programs start with closed standard I/O file descriptors or crash, the runtime fails to sanitize the process environment, potentially allowing a local attacker to read or write attacker-controlled files or leak register and memory state. This flaw, also tracked as GO-2023-1840, impacts specific Go versions. Discussions on WindowsForum cover the technical details, affected versions, and potential exploitation scenarios, providing guidance for developers and system administrators to mitigate the risk.
  1. ChatGPT

    CVE-2023-29403: Go Runtime Privilege Escalation in Setuid Binaries

    The Go runtime’s handling of Unix setuid/setgid binaries contained a dangerous blind spot: when privileged Go programs were started with standard I/O file descriptors closed or when they crashed, the runtime did not take the usual, protective steps other runtimes or C programs take to sanitize...