Описание
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Service Mesh 3 | openshift-golang-builder-container | Affected | ||
| Red Hat Enterprise Linux 9 | go-toolset | Affected | ||
| Red Hat OpenShift Virtualization 4 | openshift-golang-builder-container | Affected | ||
| Red Hat Enterprise Linux 10 | golang | Fixed | RHSA-2026:2706 | 16.02.2026 |
| Red Hat Enterprise Linux 10.0 Extended Update Support | golang | Fixed | RHSA-2026:3192 | 24.02.2026 |
| Red Hat Enterprise Linux 8 | go-toolset | Fixed | RHSA-2026:2708 | 16.02.2026 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | go-toolset | Fixed | RHSA-2026:3468 | 02.03.2026 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | go-toolset | Fixed | RHSA-2026:3470 | 02.03.2026 |
| Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | go-toolset | Fixed | RHSA-2026:3470 | 02.03.2026 |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | go-toolset | Fixed | RHSA-2026:3489 | 02.03.2026 |
Показывать по
10
Дополнительная информация
Статус:
Important
https://bugzilla.redhat.com/show_bug.cgi?id=2437016cmd/cgo: Potential code smuggling via doc comments in cmd/cgo
EPSS
Процентиль: 0%
0.00006
Низкий
7.4 High
CVSS3
Связанные уязвимости
CVSS3: 8.6
ubuntu
около 2 месяцев назад
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.
CVSS3: 8.6
nvd
около 2 месяцев назад
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.
CVSS3: 8.6
debian
около 2 месяцев назад
A discrepancy between how Go and C/C++ comments were parsed allowed fo ...
CVSS3: 8.6
github
около 2 месяцев назад
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.
CVSS3: 8.6
fstec
около 2 месяцев назад
Уязвимость компонента cmd/cgo языка программирования Go, позволяющая нарушителю выполнить произвольный код
EPSS
Процентиль: 0%
0.00006
Низкий
7.4 High
CVSS3