7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.004 Low
EPSS
Percentile
75.1%
golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in
src/pkg/debug/gosym/pclntab_test.go creates a temporary file with
predicable name and executes it as shell script.
Author | Note |
---|---|
mdeslaur | Packages built using golang need to be rebuilt once the vulnerability has been fixed. This CVE entry does not list packages that need rebuilding outside of the main repository or the Ubuntu variants with PPA overlays. |
sbeattie | fixed in 1.0.2 |
bugzilla.suse.com/show_bug.cgi?id=765455
codereview.appspot.com/5992078
github.com/golang/go/commit/8ac275bb01588a8c0e6c0fe2de7fd11f08feccdd
launchpad.net/bugs/cve/CVE-2012-2666
nvd.nist.gov/vuln/detail/CVE-2012-2666
security-tracker.debian.org/tracker/CVE-2012-2666
www.cve.org/CVERecord?id=CVE-2012-2666
www.whitesourcesoftware.com/vulnerability-database/CVE-2012-2666
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.004 Low
EPSS
Percentile
75.1%