48 matches found

RedhatCVE
added 2025/05/23 8:35 a.m. | 2 views

CVE-2024-24787

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "cgo LDFLAGS" directive...

6.4 CVSS | 7.7 AI score | 0.03204 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/02/07 5:24 a.m. | 8 views

CVE-2025-22867

A vulnerability was found in the cmd/go golang package. On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld due to usage of the @executable_path, @loader_path, or @rpath special values in a "cgo LDFLAGS" directive. Mitigation No...

7.5 CVSS | 7.7 AI score | 0.00411 EPSS
Exploits: 0 | References: 7
Cvelist
added 2025/02/06 5:9 p.m. | 15 views

CVE-2025-22867 Arbitrary code execution during build on darwin in cmd/go

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the @executable_path, @loader_path, or @rpath special values in a "cgo LDFLAGS" directive. This issue only affected go1.24rc2...

0.00411 EPSS
Exploits: 0 | References: 4
CNNVD
added 2025/02/06 12:0 a.m. | 2 views

Google Go Security Vulnerability

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google USA. A security vulnerability exists in Google Go that stems from the use of Apple's ld with special values in the cgo LDFLAGS instruction on Darwin systems, which could trigger...

7.5 CVSS | 7.2 AI score | 0.00411 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2024/05/10 12:0 a.m. | 25 views

SUSE SLES12 Security Update : go1.22 (SUSE-SU-2024:1573-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1573-1 advisory. - On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due t...

6.4 CVSS | 8.3 AI score | 0.03204 EPSS
Exploits: 1 | References: 8
NVD
added 2024/05/08 4:15 p.m. | 17 views

CVE-2024-24787

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "cgo LDFLAGS" directive...

6.4 CVSS | 6.8 AI score | 0.03204 EPSS
Exploits: 1 | References: 6
AlpineLinux
added 2024/05/08 3:31 p.m. | 27 views

CVE-2024-24787

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "cgo LDFLAGS" directive...

6.4 CVSS | 6.9 AI score | 0.03204 EPSS
Exploits: 1
Vulnrichment
added 2024/05/08 3:31 p.m. | 24 views

CVE-2024-24787 Arbitrary code execution during build on Darwin in cmd/go

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "cgo LDFLAGS" directive...

6.9 AI score | 0.03204 EPSS
Exploits: 1 | References: 6
OSV
added 2024/05/08 3:17 p.m. | 15 views

GO-2024-2825 Arbitrary code execution during build on Darwin in cmd/go

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "cgo LDFLAGS" directive...

6.4 CVSS | 7.3 AI score | 0.03204 EPSS
Exploits: 1 | References: 3
OSV
added 2024/03/06 10:55 a.m. | 29 views

BIT-GOLANG-2023-29404 Improper handling of non-optional LDFLAGS in go command with cgo in cmd/go

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "cgo LDFLAGS" directive. The arguments for a...

9.8 CVSS | 9.1 AI score | 0.00084 EPSS
Exploits: 0 | References: 9
OSV
added 2024/03/06 10:55 a.m. | 25 views

BIT-GOLANG-2023-29405 Improper sanitization of LDFLAGS with embedded spaces in go command with cgo in cmd/go

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "cgo LDFLAGS" directive. Flags containing...

9.8 CVSS | 9 AI score | 0.00329 EPSS
Exploits: 0 | References: 9
Tenable Nessus
added 2023/07/21 12:0 a.m. | 30 views

Fedora 38 : golang (2023-eb60fcd505)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-eb60fcd505 advisory. This update includes a security fix to the net/http package, as well as bug fixes to the compiler, cgo, the cover tool, the go command, the runtime,...

9.8 CVSS | 7.1 AI score | 0.00329 EPSS
Exploits: 0 | References: 5
Veracode
added 2023/07/10 12:2 a.m. | 31 views

Arbitrary Code Execution

go is vulnerable to Arbitrary Code Execution. The vulnerability may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code because arguments for a number of flags which are non-optional are incorrectly considered optional, allowing...

9.8 CVSS | 7.3 AI score | 0.00084 EPSS
Exploits: 0 | References: 10 | Affected Software: 3
Tenable Nessus
added 2023/06/30 12:0 a.m. | 38 views

CBL Mariner 2.0 Security Update: golang / msft-golang (CVE-2023-29404)

The version of golang / msft-golang installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-29404 advisory. - The go command may execute arbitrary code at build time when using cgo. This may occur when...

9.8 CVSS | 7.5 AI score | 0.00084 EPSS
Exploits: 0 | References: 2
RedHat Linux
added 2023/06/29 5:33 a.m. | 3 views

golang: cmd/go: go command may execute arbitrary code at build time when using cgo

A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "cgo LDFLAGS"...

9.8 CVSS | 7.4 AI score | 0.00084 EPSS
Exploits: 0 | References: 8
RedhatCVE
added 2023/06/26 6:17 p.m. | 68 views

CVE-2023-29405

A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "cgo LDFLAGS"...

7.5 CVSS | 9.3 AI score | 0.00329 EPSS
Exploits: 0 | References: 7
RedhatCVE
added 2023/06/26 6:17 p.m. | 40 views

CVE-2023-29404

A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "cgo LDFLAGS"...

7.5 CVSS | 9.4 AI score | 0.00084 EPSS
Exploits: 0 | References: 7
Tenable Nessus
added 2023/06/17 12:0 a.m. | 26 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.19 (SUSE-SU-2023:2525-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2525-1 advisory. - The go command may generate unexpected code at build time when using cgo. This may result in...

9.8 CVSS | 7.6 AI score | 0.00329 EPSS
Exploits: 0 | References: 14
OSV
added 2023/06/08 9:15 p.m. | 4 views

AZL-47146 CVE-2023-29404 affecting package golang for versions less than 1.22.7-2

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "cgo LDFLAGS" directive. The arguments for a...

9.8 CVSS | 7 AI score | 0.00084 EPSS
Exploits: 0 | References: 1
NVD
added 2023/06/08 9:15 p.m. | 15 views

CVE-2023-29404

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "cgo LDFLAGS" directive. The arguments for a...

9.8 CVSS | 9.7 AI score | 0.00084 EPSS
Exploits: 0 | References: 8