github.com/golang/go contains an untrusted search path vulnerability. When used on Windows, it allows local users to gain privileges by using a Trojan Horse DLL. This is related to the use of the LoadLibrary function.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/golang/go | eq | HEAD | |
github.com/golang/go | le | 1.5 | |
github.com/golang/go | eq | HEAD | |
github.com/golang/go | le | 1.5 |
www.openwall.com/lists/oss-security/2016/04/05/1
www.openwall.com/lists/oss-security/2016/04/05/2
github.com/golang/go/compare/4afe4c803ec378d7a0d7fbc38d961df541d72134...16c42047effe28edd5a827bec4b198ffc83f5ec8
github.com/golang/go/issues/14959
go-review.googlesource.com/#/c/21428/
groups.google.com/forum/#!topic/golang-announce/9eqIHqaWvck
groups.google.com/forum/#%21topic/golang-announce/9eqIHqaWvck