Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-39323

Опубликовано: 05 окт. 2023
Источник: debian

Описание

Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
golang-1.21fixed1.21.2-1package
golang-1.20fixed1.20.9-1package
golang-1.19removedpackage
golang-1.19no-dsabookwormpackage
golang-1.15removedpackage
golang-1.15no-dsabullseyepackage
golang-1.11removedpackage
golang-1.11postponedbusterpackage

Примечания

  • https://go.dev/issue/63211

  • https://go.dev/cl/533215

  • https://groups.google.com/g/golang-announce/c/XBa1oHDevAo

  • https://pkg.go.dev/vuln/GO-2023-2095

  • https://github.com/golang/go/commit/2ddfc04d12da7028334ab4f8effbc3a78b92d9d2 (go1.21.2)

  • https://github.com/golang/go/commit/31d5b604ac0adb58aec4870ac1b974c08312fd49 (go1.20.9)

Связанные уязвимости

ubuntu логотип

CVE-2023-39323

CVSS3: 8.1
ubuntu
больше 1 года назад

Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.

redhat логотип

CVE-2023-39323

CVSS3: 8.1
redhat
больше 1 года назад

Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.

nvd логотип

CVE-2023-39323

CVSS3: 8.1
nvd
больше 1 года назад

Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.

suse-cvrf логотип

SUSE-SU-2023:4018-1

suse-cvrf
больше 1 года назад

Security update for go1.20

suse-cvrf логотип

SUSE-SU-2023:4017-1

suse-cvrf
больше 1 года назад

Security update for go1.21