OpenBSD · doas · CVE-2019-15901
**Name of the Vulnerable Software and Affected Versions**
doas versions prior to 6.2
**Description**
The issue is related to insufficient input validation in the setusercontext() function of the doas utility. It could allow a remote attacker to affect the integrity, confidentiality, and availability of protected information. The problem arises because, on certain platforms such as Linux and possibly NetBSD, a setusercontext(3) call was replaced with a single setuid(2) call, which neither changes the group ID nor initializes the secondary group IDs. As a result, the command runs with the target user's UID while keeping the invoking process's primary and secondary groups.
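The difference between the single setuid(2) call described above and a full identity switch, as an added example that is not code from doas or from this advisory. The function names and the `MAX_GROUPS` limit are hypothetical; the hardened form uses the common initgroups(3), setgid(2), setuid(2) sequence and then checks the resulting process state.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* glibc: expose initgroups(3), getgrouplist(3) */
#endif
#include <grp.h>
#include <pwd.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_GROUPS 64   /* assumed cap; larger lists make switch_user() fail closed */

/* The weak form the advisory describes: only the UID changes, so the process
 * keeps the invoking user's primary GID and supplementary groups. */
int switch_user_weak(const struct passwd *pw)
{
    return setuid(pw->pw_uid);
}

/* Number of GIDs in have[] that are absent from want[]. */
int count_stale_groups(const gid_t *have, int nhave, const gid_t *want, int nwant)
{
    int stale = 0;
    for (int i = 0; i < nhave; i++) {
        int found = 0;
        for (int j = 0; j < nwant && !found; j++)
            found = (have[i] == want[j]);
        stale += !found;
    }
    return stale;
}

/* Full switch: supplementary groups, then GID, then UID (the UID goes last
 * because the group calls need privilege), then verify. Returns 0 or -1. */
int switch_user(const struct passwd *pw)
{
    gid_t want[MAX_GROUPS], have[MAX_GROUPS];
    int nwant = MAX_GROUPS, nhave;

    if (getgrouplist(pw->pw_name, pw->pw_gid, want, &nwant) < 0) return -1;
    if (initgroups(pw->pw_name, pw->pw_gid) != 0) return -1;
    if (setgid(pw->pw_gid) != 0) return -1;
    if (setuid(pw->pw_uid) != 0) return -1;

    /* Trust the observed state, not the return codes alone. */
    if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) return -1;
    if (getgid() != pw->pw_gid || getegid() != pw->pw_gid) return -1;
    nhave = getgroups(MAX_GROUPS, have);
    if (nhave < 0 || count_stale_groups(have, nhave, want, nwant) != 0) return -1;
    return 0;
}
```

A caller should treat a -1 from `switch_user()` as fatal and exit without running the requested command.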
**Recommendations**
For doas versions prior to 6.2, update to version 6.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the setusercontext() function until a patch is available.