Golang Org X Sys Windows
Monthly
Integer overflow in NewNTUnicodeString within the Go extended syscall package for Windows allows a local low-privileged attacker to silently inject a truncated NTUnicodeString into applications that expect validation failures on oversized input. Affected is golang.org/x/sys/windows before version 0.44.0. Because the function returns a truncated result rather than an error, consuming code may proceed with a malformed string, potentially bypassing length-based security checks or causing downstream logic errors - no public exploit has been identified at time of analysis and EPSS exploitation probability is 0.02%.
Integer overflow in NewNTUnicodeString within the Go extended syscall package for Windows allows a local low-privileged attacker to silently inject a truncated NTUnicodeString into applications that expect validation failures on oversized input. Affected is golang.org/x/sys/windows before version 0.44.0. Because the function returns a truncated result rather than an error, consuming code may proceed with a malformed string, potentially bypassing length-based security checks or causing downstream logic errors - no public exploit has been identified at time of analysis and EPSS exploitation probability is 0.02%.