6 matches found
CVE-2024-24787
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive...
Google Go Security Vulnerability
Google Go is a statically and strongly typed, compiled, concurrent, garbage-collected programming language from Google (USA). A security vulnerability exists in Google Go that stems from the use of Apple's ld with special values in the cgo LDFLAGS directive on Darwin systems, which could trigger...
CVE-2024-24787
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive...
CVE-2024-24787 Arbitrary code execution during build on Darwin in cmd/go
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive...
AZL-47146 CVE-2023-29404 affecting package golang for versions less than 1.22.7-2
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "#cgo LDFLAGS" directive. The arguments for a...
PT-2023-3869 · Go +11
Name of the Vulnerable Software and Affected Versions: Go versions prior to the fixed version. Description: The issue is related to the incorrect handling of code generation when processing linker flags from the CgoLDFLAGS directive, allowing a remote attacker to execute arbitrary code. This can...