Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 03:21
Type | Values Removed | Values Added |
---|---|---|
References | () https://go.dev/cl/269658 - | |
References | () https://go.dev/issue/42559 - | |
References | () https://go.googlesource.com/go/+/062e0e5ce6df339dc26732438ad771f73dbf2292 - | |
References | () https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM - | |
References | () https://pkg.go.dev/vuln/GO-2022-0475 - |
28 Feb 2023, 14:52
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://pkg.go.dev/vuln/GO-2022-0475 - Vendor Advisory | |
References | (CONFIRM) https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM - Mailing List, Release Notes, Third Party Advisory | |
References | (MISC) https://go.dev/cl/269658 - Patch, Vendor Advisory | |
References | (MISC) https://go.dev/issue/42559 - Issue Tracking, Patch, Vendor Advisory | |
References | (MISC) https://go.googlesource.com/go/+/062e0e5ce6df339dc26732438ad771f73dbf2292 - Mailing List, Patch |
29 Dec 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. |
06 Aug 2022, 03:47
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:* |
|
First Time |
Netapp cloud Insights Telegraf Agent
Netapp Netapp trident |
|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20201202-0004/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP/ - Mailing List, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202208-02 - Third Party Advisory |
04 Aug 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-11-18 17:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-28366
Mitre link : CVE-2020-28366
CVE.ORG link : CVE-2020-28366
JSON object : View
Products Affected
golang
- go
fedoraproject
- fedora
netapp
- trident
- cloud_insights_telegraf_agent
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')