Lucene search
+L

343 matches found

OSV
OSV
added 2026/04/13 5:43 a.m.10 views

BIT-GOLANG-2026-27140 Code execution vulnerability in SWIG code generation in cmd/go

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass...

9CVSS6.4AI score0.00658EPSS
Exploits0References22
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.5 views

PT-2026-32418

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass...

8.8CVSS6.4AI score0.00658EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/09 11:0 a.m.3 views

cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy

A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled cgo binary. An attacker could exploit this to embed and execute arbitrary...

8.6CVSS7.1AI score0.00472EPSS
Exploits0References8
OSV
OSV
added 2026/04/08 2:16 a.m.4 views

DEBIAN-CVE-2026-27140

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass...

8.8CVSS6.2AI score0.00658EPSS
Exploits0References1
NVD
NVD
added 2026/04/08 2:16 a.m.4 views

CVE-2026-27140

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass...

9CVSS0.00658EPSS
Exploits0References21
UbuntuCve
UbuntuCve
added 2026/04/08 2:16 a.m.4 views

CVE-2026-27140

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass...

9CVSS6.5AI score0.00658EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/08 1:6 a.m.4 views

CVE-2026-27140

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass...

9CVSS7.9AI score0.00658EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/04/08 1:6 a.m.4 views

EUVD-2026-20002

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass...

6.5AI score0.00658EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/08 1:6 a.m.5 views

CVE-2026-27140 Code execution vulnerability in SWIG code generation in cmd/go

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass...

6.4AI score0.00658EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/08 1:6 a.m.25 views

CVE-2026-27140 Code execution vulnerability in SWIG code generation in cmd/go

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass...

0.00658EPSS
Exploits0References4
OSV
OSV
added 2026/04/08 1:6 a.m.2 views

CVE-2026-27140 Code execution vulnerability in SWIG code generation in cmd/go

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass...

8.8CVSS7.8AI score0.00658EPSS
Exploits0References24
RedHat Linux
RedHat Linux
added 2026/04/08 12:41 a.m.7 views

cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive

A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...

8.6CVSS7.1AI score0.00532EPSS
Exploits0References8
OSV
OSV
added 2026/04/01 10:47 a.m.13 views

CLSA-2026-1775040432 golang: Fix of CVE-2025-61731

CVE-2025-61731: fix pkg-config --log-file argument injection via cgo pkg-config directive...

8.6CVSS7.3AI score0.00532EPSS
Exploits0References1
OSV
OSV
added 2026/03/23 4:35 p.m.3 views

SUSE-SU-2026:0977-1 Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues: Update to go 1.25.8 bsc1244485, jscSLE-18320: - CVE-2025-61732: cmd/cgo: discrepancy between Go and C/C++ comment parsing allows for C code smuggling bsc1257692. - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated...

10CVSS5.9AI score0.00765EPSS
Exploits1References12
SUSE Linux
SUSE Linux
added 2026/03/20 3:7 p.m.6 views

Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues: Update to go 1.25.8 bsc1244485, jscSLE-18320: CVE-2025-61732: cmd/cgo: discrepancy between Go and C/C++ comment parsing allows for C code smuggling bsc1257692. CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated sessio...

9.6CVSS7.3AI score0.00765EPSS
Exploits1References24
OSV
OSV
added 2026/03/20 2:27 p.m.9 views

OESA-2026-1703 golang security update

The Go Programming Language. Security Fixes: The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large...

10CVSS7.7AI score0.01945EPSS
Exploits2References7
OSV
OSV
added 2026/03/20 2:27 p.m.10 views

OESA-2026-1702 golang security update

The Go Programming Language. Security Fixes: The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large...

10CVSS7.7AI score0.01945EPSS
Exploits2References7
OSV
OSV
added 2026/03/20 2:27 p.m.10 views

OESA-2026-1701 golang security update

The Go Programming Language. Security Fixes: The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large...

10CVSS7.8AI score0.01945EPSS
Exploits2References7
OSV
OSV
added 2026/03/20 2:26 p.m.10 views

OESA-2026-1700 golang security update

The Go Programming Language. Security Fixes: The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large...

10CVSS7.8AI score0.01945EPSS
Exploits1References6
OSV
OSV
added 2026/03/20 2:26 p.m.11 views

OESA-2026-1699 golang security update

The Go Programming Language. Security Fixes: The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large...

10CVSS7.8AI score0.01945EPSS
Exploits2References7
Rows per page
Query Builder