github.com/golang/go is vulnerable to Arbitrary Code Execution. The vulnerability is triggered when building a Go module that contains Cgo code, through use of the `-lto_library` flag in a `#cgo LDFLAGS` directive. Note that this vulnerability is only exploitable on Darwin systems.
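
A source-level check for the directive described above, as an added example that is not part of the advisory or the Go project's code: it parses Go files and reports `#cgo ... LDFLAGS:` lines that mention `-lto_library`. The names `ScanCgoLDFLAGS` and `Finding`, the sample source and `PLACEHOLDER_PATH` are constructed for illustration.

```go
package main

import (
	"fmt"
	"go/parser"
	"go/token"
	"strings"
)

// Finding is one "#cgo ... LDFLAGS:" line that mentions -lto_library.
type Finding struct {
	Line      int
	Directive string
}

// ScanCgoLDFLAGS checks every comment up to the imports, a superset of the
// preamble cgo reads, so it can over-report but will not miss a directive.
func ScanCgoLDFLAGS(name string, src string) ([]Finding, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, name, src, parser.ParseComments|parser.ImportsOnly)
	if err != nil {
		return nil, err
	}
	var out []Finding
	for _, group := range f.Comments {
		for _, c := range group.List {
			first := fset.Position(c.Pos()).Line
			for i, raw := range strings.Split(c.Text, "\n") {
				// Drop the comment markers, then split "#cgo [constraints] NAME: flags".
				line := strings.TrimSpace(strings.TrimLeft(strings.TrimSpace(raw), "/*"))
				head, flags, ok := strings.Cut(line, ":")
				fields := strings.Fields(head)
				if !ok || len(fields) < 2 || fields[0] != "#cgo" || fields[len(fields)-1] != "LDFLAGS" {
					continue
				}
				if strings.Contains(flags, "-lto_library") {
					out = append(out, Finding{first + i, line})
				}
			}
		}
	}
	return out, nil
}

// sample is constructed input; PLACEHOLDER_PATH is not a real path.
const sample = "package demo\n\n/*\n#cgo darwin LDFLAGS: -lto_library PLACEHOLDER_PATH\n#cgo linux LDFLAGS: -lm\n*/\nimport \"C\"\n"

func main() {
	fmt.Println(ScanCgoLDFLAGS("sample.go", sample))
}
```

Running it over a module's sources and its vendored or cached dependencies before building gives a quick review list; a hit is a prompt to inspect the directive, not proof of malicious intent.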
Name | Operator | Version |
---|---|---|
github.com/golang/go | le | go1.22.2 |
github.com/golang/go | le | go1.21.9 |
www.openwall.com/lists/oss-security/2024/05/08/3
github.com/golang/go/commit/348b23830d82aece5775eb9f7f3b3587cf5300c6
github.com/golang/go/issues/67119
go.dev/cl/583815
go.dev/issue/67119
groups.google.com/g/golang-announce/c/wkkO4P9stm0
pkg.go.dev/vuln/GO-2024-2825
security.netapp.com/advisory/ntap-20240531-0006/