17 matches found
CVE-2024-24787
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -ltolibrary flag in a "cgo LDFLAGS" directive...
Security Bulletin: IBM Storage Protect Server is susceptible to multiple vulnerabilities due to Golang Go ( CVE-2024-24787, CVE-2024-24788 ).
Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to loss of integrity and availability of host system. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-24787 DESCRIPTION: Golang Go could allo...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Golang Go
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Golang Go. Vulnerability Details CVEID:CVE-2024-24787 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by a flaw during build on darwin. By building a Go...
openSUSE Security Advisory (SUSE-SU-2024:3755-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2024:3755-1 Security update for go1.21-openssl
This update for go1.21-openssl fixes the following issues: - CVE-2024-24791: Fixed denial of service due to improper 100-continue handling bsc1227314 - CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip bsc1225973 - CVE-2024-24790: Fixed unexpected behavior from ...
openSUSE Security Advisory (SUSE-SU-2024:3089-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2024:3089-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-24787 affecting package msft-golang for versions less than 1.22.3
CVE-2024-24787 affecting package msft-golang for versions less than 1.22.3. A patched version of the package is available...
openSUSE Security Advisory (SUSE-SU-2024:1587-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2024:1588-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2024:1588-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Exploit for CVE-2024-24787
CVE-2024-24787-PoC On Darwin, building a Go module which cont...
SUSE SLES12 Security Update : go1.22 (SUSE-SU-2024:1573-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1573-1 advisory. Update to go1.22.3: - CVE-2024-24787: cmd/go: arbitrary code execution during build on darwin bsc1224017 - CVE-2024-24788: net: hig...
SUSE SLES12 Security Update : go1.21 (SUSE-SU-2024:1574-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1574-1 advisory. Update to go1.21.10: - CVE-2024-24787: cmd/go: arbitrary code execution during build on darwin bsc1224017 - net/http: TestRequestLimit/h2...
CVE-2024-24787
creationtimestamp| type| source ---|---|--- 2024-05-09 15:03:39+00:00| published-proof-of-concept| https://t.me/HackingInsights/237 2024-05-10 07:52:36+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/7262 2024-05-10 19:29:03+00:00| published-proof-of-concept|...
CVE-2024-24787 Arbitrary code execution during build on Darwin in cmd/go
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -ltolibrary flag in a "cgo LDFLAGS" directive...
CVE-2024-24787 Arbitrary code execution during build on Darwin in cmd/go
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -ltolibrary flag in a "cgo LDFLAGS" directive...