CVE-2025-61732

Опубликовано: 05 фев. 2026

Источник: debian

EPSS Низкий

Описание

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

Пакет	Статус	Версия исправления	Релиз	Тип
golang-1.25	fixed	1.25.7-1		package
golang-1.24	unfixed			package
golang-1.19	removed			package
golang-1.15	removed			package
golang-1.15	postponed		bullseye	package

https://groups.google.com/g/golang-announce/c/K09ubi9FQFk
https://github.com/golang/go/issues/76697
Fixed by: https://github.com/golang/go/commit/b19100991ac6d096e67cead47392049c178fd5ab (go1.25.7)
Fixed by: https://github.com/golang/go/commit/14d0bb39c1c4093bd02740d14b1a2ca720ced97c (go1.24.13)

EPSS

Процентиль: 1%

0.00008

Низкий

CVE-2025-61732

CVSS3: 8.6

ubuntu

4 дня назад

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

CVE-2025-61732

CVSS3: 8.6

nvd

3 дня назад

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

GHSA-8jvr-vh7g-f8gx

CVSS3: 8.6

github

3 дня назад

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

EPSS

Процентиль: 1%

0.00008

Низкий