[GO-2024-2825] Arbitrary code execution during build on Darwin in cmd/go
Severity: Medium
Affected Packages: 2
Fixed Packages: 2
CVEs: 1
On Darwin, building a Go module which contains CGO can trigger arbitrary code
execution when using the Apple version of ld, due to usage of the -lto_library
flag in a "#cgo LDFLAGS" directive.
| Package | Affected Version |
|---|---|
| pkg:golang/cmd/go | >= 1.22.2, < 1.21.10 |
| pkg:golang/cmd/go | >= 1.22.2, < 1.22.3 |

| Package | Fixed Version |
|---|---|
| pkg:golang/cmd/go | = 1.21.10 |
| pkg:golang/cmd/go | = 1.22.3 |
- ID: GO-2024-2825
- Severity: medium
- Severity from: CVE-2024-24787
- URL: https://pkg.go.dev/vuln/GO-2024-2825
- Published: 2024-05-07T21:05:52 (4 months ago)
- Modified: 2024-06-27T17:38:19 (2 months ago)
- Other Advisories