CVE-2025-61732

Опубликовано: 05 фев. 2026

Источник: nvd

CVSS3: 8.6

EPSS Низкий

Описание

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

Ссылки

https://go.dev/cl/734220
Patch
Product
https://go.dev/issue/76697
Issue Tracking
Vendor Advisory
https://groups.google.com/g/golang-announce/c/K09ubi9FQFk
Mailing List
Release Notes
https://pkg.go.dev/vuln/GO-2026-4433
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*

Версия до 1.24.13 (исключая)

cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*

Версия от 1.25.0 (включая) до 1.25.7 (исключая)

EPSS

Процентиль: 11%

0.00205

Низкий

8.6 High

CVSS3

Дефекты

CWE-94

Связанные уязвимости

CVE-2025-61732

CVSS3: 8.6

ubuntu

5 месяцев назад

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

CVE-2025-61732

CVSS3: 7.4

redhat

5 месяцев назад

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

CVE-2025-61732

CVSS3: 8.6

debian

5 месяцев назад

A discrepancy between how Go and C/C++ comments were parsed allowed fo ...

GHSA-8jvr-vh7g-f8gx

CVSS3: 8.6

github

5 месяцев назад

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

BDU:2026-02553

CVSS3: 8.6

fstec

5 месяцев назад

Уязвимость компонента cmd/cgo языка программирования Go, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 11%

0.00205

Низкий

8.6 High

CVSS3

Дефекты

CWE-94