Lucene search

K
ubuntucveUbuntu.comUB:CVE-2024-24787
HistoryMay 08, 2024 - 12:00 a.m.

CVE-2024-24787

2024-05-0800:00:00
ubuntu.com
ubuntu.com
7
cve
2024
24787
golang
ubuntu
macos

6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.3%

On Darwin, building a Go module which contains CGO can trigger arbitrary
code execution when using the Apple version of ld, due to usage of the
-lto_library flag in a “#cgo LDFLAGS” directive.

Notes

Author Note
mdeslaur Packages built using golang need to be rebuilt once the vulnerability has been fixed. This CVE entry does not list packages that need rebuilding outside of the main repository or the Ubuntu variants with PPA overlays. Warning: do not include nullboot in the list of no-change rebuilds after fixing an issue in golang.
rodrigo-zaiden issue affecting macOS only.

6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.3%