Description
Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.
A flaw was found in the golang cmd/go standard library. A line directive ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to pass during compilation. This can result in the unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.
Report
This attack requires knowledge of the absolute path to the file containing the malicious directive, which significantly limits its feasibility for external attackers unless they already have local access or detailed knowledge of the system's layout. To exploit the vulnerability, an attacker must also convince a developer to download and build a malicious Go module—an action typically constrained by trusted workflows and package verification. Importantly, this vulnerability does not impact running applications. Instead, it targets the development process, specifically developers or CI/CD pipelines during the build phase, further narrowing its scope. As a result, this issue has been rated Moderate due to the multiple complex and unlikely prerequisites required for a successful exploit.
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| OpenShift Service Mesh 2 | openshift-golang-builder-container | Not affected | | |
| Red Hat Enterprise Linux 9 | golang | Affected | | |
| Red Hat OpenShift Container Platform 4 | openshift-golang-builder-container | Not affected | | |
| Red Hat OpenShift Virtualization 4 | openshift-golang-builder-container | Affected | | |
| Red Hat Storage 3 | golang | Will not fix | | |
| Red Hat Storage 3 | go-toolset-7-golang | Will not fix | | |
| Red Hat Enterprise Linux 8 | go-toolset | Fixed | RHBA-2023:6928 | 14.11.2023 |
| Red Hat Enterprise Linux 8 | go-toolset | Fixed | RHEA-2023:7311 | 16.11.2023 |
| Red Hat Enterprise Linux 8 | ubi8/go-toolset | Fixed | RHEA-2023:7311 | 16.11.2023 |
Additional information
CVSS3: 8.1 High
Related vulnerabilities
Arbitrary code execution during build via line directives in cmd/go