Lucene search
Veracode Vulnerability DatabaseVERACODE:4159HistoryMay 03, 2017 - 8:37 a.m.
Preloading Of Untrusted Windows DLL
2017-05-0308:37:13
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.0004 Low
EPSS
Percentile
5.1%
github.com/golang/go contains an untrusted search path vulnerability. When used on Windows, it allows local users to gain privileges by using a Trojan Horse DLL. This is related to the use of the LoadLibrary function.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/golang/go | eq | HEAD | |
| github.com/golang/go | le | 1.5 | |
| github.com/golang/go | eq | HEAD | |
| github.com/golang/go | le | 1.5 |
References
www.openwall.com/lists/oss-security/2016/04/05/1
www.openwall.com/lists/oss-security/2016/04/05/2
github.com/golang/go/compare/4afe4c803ec378d7a0d7fbc38d961df541d72134...16c42047effe28edd5a827bec4b198ffc83f5ec8
github.com/golang/go/issues/14959
go-review.googlesource.com/#/c/21428/
groups.google.com/forum/#!topic/golang-announce/9eqIHqaWvck
groups.google.com/forum/#%21topic/golang-announce/9eqIHqaWvck
Related
cve
cve
CVE-2016-3958
2016-05-23 19:59:03
prion
prion
Design/Logic Flaw
2016-05-23 19:59:00
cvelist
cvelist
CVE-2016-3958
2016-05-23 19:00:00
osv
osv
Privilege escalation on Windows via malicious DLL in syscall
2022-01-05 22:41:50
nvd
nvd
CVE-2016-3958
2016-05-23 19:59:03
ubuntucve
ubuntucve
CVE-2016-3958
2016-05-23 00:00:00
cloudfoundry
cloudfoundry
CVE-2016-3958/CVE-2016-3959: Golang vulnerabilities | Cloud Foundry
2016-12-29 00:00:00