CVE-2024-24787

Опубликовано: 08 мая 2024

Источник: debian

EPSS Низкий

Описание

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.

Пакеты

Пакет	Статус	Тип
golang-1.22	not-affected	package
golang-1.21	not-affected	package
golang-1.19	not-affected	package
golang-1.15	not-affected	package
golang-1.11	not-affected	package

Примечания

https://groups.google.com/g/golang-announce/c/wkkO4P9stm0
https://github.com/golang/go/issues/67119

EPSS

Процентиль: 85%

0.02478

Низкий

Связанные уязвимости

CVE-2024-24787

CVSS3: 6.4

ubuntu

больше 1 года назад

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.

CVE-2024-24787

CVSS3: 6.4

nvd

больше 1 года назад

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.

CVE-2024-24787

CVSS3: 6.4

msrc

5 месяцев назад

Arbitrary code execution during build on Darwin in cmd/go

SUSE-SU-2024:1588-1

suse-cvrf

больше 1 года назад

Security update for go1.21

SUSE-SU-2024:1574-1

suse-cvrf

больше 1 года назад

Security update for go1.21

EPSS

Процентиль: 85%

0.02478

Низкий