/
DirectorySecurity Advisories
Sign In
Security Advisories

CGA-xrqj-j4xc-8x55

Published

Last updated

https://images.chainguard.dev/security/CGA-xrqj-j4xc-8x55
Package

marzano

RepositoryWolfi
Latest Update
Under investigation
Aliases
  • CVE-2024-51756
  • GHSA-hxf5-99xg-86hw

Severity

Unknown

Summary

cap-std doesn't fully sandbox all the Windows device filenames

Description

Impact

cap-std's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on, however it did not block access to the special device filenames which use superscript digits, such as "COM¹", "COM²", "LPT⁰", "LPT¹", and so on. Untrusted filesystem paths could bypass the sandbox and access devices through those special device filenames with superscript digits, and through them provide access peripheral devices connected to the computer, or network resources mapped to those devices. This can include modems, printers, network printers, and any other device connected to a serial or parallel port, including emulated USB serial ports.

Patches

The bug is fixed in https://github.com/bytecodealliance/cap-std/pull/371, which is published in cap-primitives 3.4.1, cap-std 3.4.1, and cap-async-std 3.4.1.

Workarounds

There are no known workarounds for this issue. Affected Windows users are recommended to upgrade.

References

References

Updates


Safe Source for Open Source™
Media KitContact Us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs