Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.
References
Configurations
History
20 Apr 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Mar 2023, 14:36
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://go.googlesource.com/go/+/da7aa86917811a571e6634b45a457f918b8e6561 - Product | |
References | (MISC) https://go.dev/cl/267277 - Product, Release Notes | |
References | (MISC) https://go.dev/issue/42556 - Issue Tracking, Patch, Third Party Advisory | |
References | (CONFIRM) https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM - Mailing List, Third Party Advisory | |
References | (MISC) https://pkg.go.dev/vuln/GO-2022-0476 - Vendor Advisory | |
CPE | cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* |
|
CWE | CWE-94 |
10 Aug 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. |
06 Aug 2022, 03:47
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202208-02 - Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20201202-0004/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:* |
04 Aug 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-11-18 17:15
Updated : 2024-02-04 21:23
NVD link : CVE-2020-28367
Mitre link : CVE-2020-28367
CVE.ORG link : CVE-2020-28367
JSON object : View
Products Affected
golang
- go
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')