Lucene search
+L

29 matches found

OSV
OSV
added 2023/06/08 9:15 p.m.6 views

AZL-27150 CVE-2023-29404 affecting package msft-golang for versions less than 1.19.10-1

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. The arguments for a...

9.8CVSS7AI score0.01837EPSS
Exploits0References1
OSV
OSV
added 2023/06/08 9:15 p.m.6 views

AZL-27110 CVE-2023-29405 affecting package golang for versions less than 1.20.7-1

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. Flags containing...

9.8CVSS7AI score0.01728EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/03/21 12:0 a.m.27 views

Amazon Linux 2023 : cargo, clippy, rust (ALAS2023-2023-109)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-109 advisory. 2024-02-15: CVE-2022-36113 was added to this advisory. 2024-02-15: CVE-2022-36114 was added to this advisory. Cargo is a package manager for the rust programming language. After a package is...

8.1CVSS7.5AI score0.01041EPSS
Exploits0References8
OSV
OSV
added 2022/09/14 6:15 p.m.6 views

UBUNTU-CVE-2022-36113

Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the /.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the .cargo-ok file at the...

8.1CVSS6.5AI score0.01041EPSS
Exploits0References4
CVE
CVE
added 2022/09/14 12:0 a.m.86 views

CVE-2022-36113

Cargo vulnerability (CVE-2022-36113): Cargo would extract packages into ~/.cargo and mark success with a .cargo-ok file. A malicious package could include a .cargo-ok symlink; when Cargo wrote ok, it would overwrite the first two bytes of the symlink target, enabling corruption of a single file o...

8.1CVSS7.2AI score0.01041EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/09/14 12:0 a.m.24 views

CVE-2022-36113 Extracting malicious crates can corrupt arbitrary files

Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the /.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the .cargo-ok file at the...

4.6CVSS8.6AI score0.01041EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/12/03 11:20 a.m.75 views

Moderate: Red Hat Security Advisory: go-toolset-1.14-golang security update

An update for go-toolset-1.14-golang is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5CVSS7AI score0.03813EPSS
Exploits0References5
OSV
OSV
added 2020/11/18 5:15 p.m.2 views

DEBIAN-CVE-2020-28367

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a cgo directive...

7.5CVSS8.4AI score0.02369EPSS
Exploits0References1
OSV
OSV
added 2020/11/18 5:15 p.m.2 views

DEBIAN-CVE-2020-28366

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file...

7.5CVSS8.4AI score0.02244EPSS
Exploits0References1
Rows per page
Query Builder