Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.
References
Configurations
History
07 Nov 2023, 03:21
Type | Values Removed | Values Added |
---|---|---|
References | () https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html - | |
References | () https://go.googlesource.com/go/+/da7aa86917811a571e6634b45a457f918b8e6561 - | |
References | () https://go.dev/issue/42556 - | |
References | () https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM - | |
References | () https://pkg.go.dev/vuln/GO-2022-0476 - | |
References | () https://go.dev/cl/267277 - |
20 Apr 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Mar 2023, 14:36
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-94 | |
References | (MISC) https://go.dev/cl/267277 - Product, Release Notes | |
References | (CONFIRM) https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM - Mailing List, Third Party Advisory | |
References | (MISC) https://go.googlesource.com/go/+/da7aa86917811a571e6634b45a457f918b8e6561 - Product |
06 Dec 2022, 21:44
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
|
References | (MISC) https://go.dev/cl/267277 - Release Notes, Vendor Advisory | |
References | (MISC) https://pkg.go.dev/vuln/GO-2022-0476 - Vendor Advisory | |
References | (MISC) https://go.dev/issue/42556 - Issue Tracking, Patch, Third Party Advisory | |
References | (MISC) https://go.googlesource.com/go/+/da7aa86917811a571e6634b45a457f918b8e6561 - Third Party Advisory |
10 Aug 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. | |
References |
|
|
06 Aug 2022, 03:47
Type | Values Removed | Values Added |
---|---|---|
First Time |
Netapp trident
Netapp cloud Insights Telegraf Agent Netapp |
|
CPE | cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP/ - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20201202-0004/ - Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202208-02 - Third Party Advisory |
04 Aug 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-11-18 17:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-28367
Mitre link : CVE-2020-28367
CVE.ORG link : CVE-2020-28367
JSON object : View
Products Affected
golang
- go
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')