CVE-2025-22867 Arbitrary code execution during build on darwin in cmd/go

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the @executablepath, @loaderpath, or @rpath special values in a "cgo LDFLAGS" directive. This issue only affected go1.24rc2...

GO-2025-3428 Arbitrary code execution during build on darwin in cmd/go

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the @executablepath, @loaderpath, or @rpath special values in a "cgo LDFLAGS" directive. This issue only affected go1.24rc2...

SUSE CVE-2025-22867

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the @executablepath, @loaderpath, or @rpath special values in a "cgo LDFLAGS" directive. This issue only affected go1.24rc2...

SUSE CVE-2024-24787

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -ltolibrary flag in a "cgo LDFLAGS" directive...

PT-2024-20560 · Go +2 · Go +2

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.21.10 and 1.22.3 Description: The issue allows for arbitrary code execution when building a Go module that contains CGO on Darwin, due to the usage of the -lto library flag in a "cgo LDFLAGS" directive with the Apple...

Improper Certificate Validation

Overview std/crypto/x509 is a Go standard library package std/crypto/x509 Affected versions of this package are vulnerable to Improper Certificate Validation. Go Vulnerability Report: On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate...