CVE-2025-61732

Published: 05 Feb 2026
Source: redhat
CVSS3: 7.4
EPSS: Low

Description

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled cgo binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.

Report

This is an Important vulnerability in the cmd/cgo component of the Go toolchain. A parsing discrepancy between Go and C/C++ comments could allow for code smuggling into the resulting cgo binary. This primarily affects systems where untrusted Go modules utilizing cgo are built, impacting Red Hat Enterprise Linux and OpenShift Container Platform.

Affected packages

Platform                                                          | Package                           | Status   | Advisory       | Release
------------------------------------------------------------------+-----------------------------------+----------+----------------+-----------
Red Hat Enterprise Linux 9                                        | go-toolset                        | Affected |                |
Red Hat OpenShift Virtualization 4                                | openshift-golang-builder-container| Affected |                |
Red Hat Enterprise Linux 10                                       | golang                            | Fixed    | RHSA-2026:2706 | 16.02.2026
Red Hat Enterprise Linux 10.0 Extended Update Support             | golang                            | Fixed    | RHSA-2026:3192 | 24.02.2026
Red Hat Enterprise Linux 8                                        | go-toolset                        | Fixed    | RHSA-2026:2708 | 16.02.2026
Red Hat Enterprise Linux 8.2 Advanced Update Support              | go-toolset                        | Fixed    | RHSA-2026:3468 | 02.03.2026
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | go-toolset                    | Fixed    | RHSA-2026:3470 | 02.03.2026
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | go-toolset                    | Fixed    | RHSA-2026:3470 | 02.03.2026
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | go-toolset                    | Fixed    | RHSA-2026:3489 | 02.03.2026
Red Hat Enterprise Linux 8.6 Telecommunications Update Service    | go-toolset                        | Fixed    | RHSA-2026:3489 | 02.03.2026


Additional information

Status: Important

Red Hat Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2437016
Title: cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy

EPSS: 0.00205 (Low), percentile 11%

CVSS3: 7.4 High

Related vulnerabilities

CVSS3: 8.6
ubuntu
5 months ago

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

CVSS3: 8.6
nvd
5 months ago

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

CVSS3: 8.6
debian
5 months ago

A discrepancy between how Go and C/C++ comments were parsed allowed fo ...

CVSS3: 8.6
github
5 months ago

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

CVSS3: 8.6
fstec
5 months ago

A vulnerability in the cmd/cgo component of the Go programming language that allows an attacker to execute arbitrary code.
