References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Known Affected Software Configurations Switch to CPE 2.2

Change History

CWE-59

AND
     OR
          *cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* versions up to (excluding) 1.23.10
          *cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* versions from (including) 1.24.0 up to (excluding) 1.24.4
     OR
          cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Go Project: https://go.dev/cl/672396 Types: Issue Tracking

Go Project: https://go.dev/issue/73702 Types: Issue Tracking

Go Project: https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A Types: Mailing List

Go Project: https://pkg.go.dev/vuln/GO-2025-3750 Types: Vendor Advisory

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.

https://go.dev/cl/672396

https://go.dev/issue/73702

https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A

https://pkg.go.dev/vuln/GO-2025-3750