Description
Building a malicious file with cmd/go can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file supplies command-line arguments to the pkg-config command that the Go toolchain invokes. An attacker can place a "--log-file" argument in this directive, causing pkg-config to write to an attacker-controlled location.
A flaw was found in cmd/go. An attacker can exploit it by crafting a malicious Go source file that uses the '#cgo pkg-config:' directive: supplying a '--log-file' argument to the pkg-config command lets the attacker write to an arbitrary file with partial control over its content. This vulnerability can lead to arbitrary file write.
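The description above boils down to one check a build pipeline can run before invoking cmd/go on untrusted sources: does any "#cgo pkg-config:" directive carry an option-like token instead of a package name? The scanner below is an added example written for this page, not code from the Go project or from the advisory; the sample source it scans is constructed, and the log path in it is a placeholder.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

type Finding struct {
	Line  int
	Token string
}

// SuspiciousPkgConfigArgs scans Go source text and reports every "#cgo ... pkg-config:"
// argument that looks like an option rather than a package name: legitimate directives
// list only package names (libpng, gtk+-3.0), so a token starting with "-" needs review.
func SuspiciousPkgConfigArgs(src string) []Finding {
	var out []Finding
	sc := bufio.NewScanner(strings.NewReader(src))
	for n := 1; sc.Scan(); n++ {
		line := sc.Text()
		i := strings.Index(line, "#cgo")
		if i < 0 {
			continue
		}
		// Allow optional build constraints between #cgo and pkg-config:, e.g. "#cgo linux pkg-config:".
		rest := line[i+len("#cgo"):]
		j := strings.Index(rest, "pkg-config:")
		if j < 0 {
			continue
		}
		args := strings.TrimSuffix(strings.TrimSpace(rest[j+len("pkg-config:"):]), "*/")
		for _, tok := range strings.Fields(args) {
			if strings.HasPrefix(tok, "-") {
				out = append(out, Finding{Line: n, Token: tok})
			}
		}
	}
	return out
}

// Sample is a constructed source file: one benign directive and one that smuggles an option.
const Sample = "package main\n\n// #cgo pkg-config: libpng\n// #cgo linux pkg-config: --log-file=/tmp/placeholder.log zlib\nimport \"C\"\n"

func main() {
	for _, f := range SuspiciousPkgConfigArgs(Sample) {
		fmt.Printf("line %d: option-like pkg-config argument %q\n", f.Line, f.Token)
	}
}
```

Running it over a module tree before the build (for example as a pre-build CI step) surfaces the directive a patched toolchain would reject, which is useful while an affected golang package is still in use.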
Statement
This vulnerability is Important rather than Moderate because compiling a malicious Go source file can cause pkg-config to create or append data to files at attacker-chosen locations, subject to the permissions of the build user. This can enable unintended filesystem modifications during the build process, which can lead to broken builds, altered tool behavior, and poisoned caches or artifacts, even without direct code execution.
Mitigation
Mitigation for this issue is either not available, or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| OpenShift Service Mesh 3 | openshift-golang-builder-container | Affected | | |
| Red Hat Enterprise Linux 10 | golang | Affected | | |
| Red Hat Enterprise Linux 8 | golang | Affected | | |
| Red Hat Enterprise Linux 9 | golang | Affected | | |
| Red Hat OpenShift Virtualization 4 | openshift-golang-builder-container | Affected | | |
| Red Hat OpenShift Container Platform 4.19 | openshift4/aws-karpenter-provider-aws-rhel9 | Fixed | RHSA-2026:4434 | 18.03.2026 |
| Red Hat OpenShift Container Platform 4.19 | openshift4/aws-kms-encryption-provider-rhel9 | Fixed | RHSA-2026:4434 | 18.03.2026 |
| Red Hat OpenShift Container Platform 4.19 | openshift4/azure-kms-encryption-provider-rhel9 | Fixed | RHSA-2026:4434 | 18.03.2026 |
| Red Hat OpenShift Container Platform 4.19 | openshift4/azure-service-rhel9-operator | Fixed | RHSA-2026:4434 | 18.03.2026 |
| Red Hat OpenShift Container Platform 4.19 | openshift4/cloud-network-config-controller-rhel9 | Fixed | RHSA-2026:4434 | 18.03.2026 |
Additional information
Status:
EPSS
8.6 High
CVSS3
Related vulnerabilities
A vulnerability in the Golang programming language related to insufficient control of a resource throughout its lifetime, allowing an attacker to cause a denial of service
EPSS
8.6 High
CVSS3