Astra Linux – Vulnerability in Golang-1.19
The “//line” directive can be used to bypass the restrictions on the “//go:cgo” directives, allowing for the passing of blocked linker and compiler flags during compilation. This can lead to the execution of arbitrary code when running “go build”. The “//line” directive requires the absolute path...
Astra Linux – Vulnerability in Golang-1.19
Calling any of the Parse functions in Go source code that contains //line directives with very large line numbers can lead to an infinite loop due to integer overflow...
EUVD-2023-43055
Malicious code in bioql PyPI...
EUVD-2023-28553
Malicious code in bioql PyPI...
Arbitrary code execution during build via line directives in cmd/go
...
BIT-GOLANG-2023-39323 Arbitrary code execution during build via line directives in cmd/go
Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...
EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-3299)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or...
EulerOS 2.0 SP10 : golang (EulerOS-SA-2024-1058)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Line directives '//line' can be used to bypass the restrictions on '//go:cgo' directives, allowing blocked linker and compiler flags to be passe...
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Go vulnerabilities (USN-6574-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6574-1 advisory. Takeshi Kaneko discovered that Go did not properly handle comments and special tags in the script context of html/template...
Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2023-420)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-420 advisory. An issue was found in libcurl which allows cookies to be inserted into a running program if specific conditions are met. The libcurl provided function, curl_easy_duphandle, is used to duplicate t...
OESA-2023-1789 golang security update
Security Fixes: The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in script contexts. This may cause the template parser to improperly interpret the contents of script contexts, causing actions to be improperly escaped. This may be...
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2023-394)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-394 advisory. Line directives //line can be used to bypass the restrictions on //go:cgo directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected...
Amazon Linux 2 : golang (ALAS-2023-2313)
The version of golang installed on the remote host is prior to 1.20.10-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2313 advisory. 2024-01-03: CVE-2023-39319 was added to this advisory. 2023-10-30: CVE-2023-39318 was added to this advisory. The...
Important: golang
Issue Overview: Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the...
Important: ecs-service-connect-agent
Issue Overview: An issue was found in libcurl which allows cookies to be inserted into a running program if specific conditions are met. The libcurl provided function, curl_easy_duphandle, is used to duplicate the easy_handle associated with a transfer. If a duplicated transfer's easy_handle has...
Important: golang
Issue Overview: The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to...
SUSE CVE-2023-39323
Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...
CVE-2023-39323
Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...
AZL-31107 CVE-2023-39323 affecting package golang for versions less than 1.20.10-1
Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...
DEBIAN-CVE-2023-39323
Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...