Количество 13
Количество 13
BDU:2023-04160
Уязвимость расширения Cgo языка программирования Go, позволяющая нарушителю выполнить произвольный код
ROS-20231109-01
Множественные уязвимости golang
CVE-2023-29405
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.
CVE-2023-29405
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.
CVE-2023-29405
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.
CVE-2023-29405
Improper sanitization of LDFLAGS with embedded spaces in go command with cgo in cmd/go
CVE-2023-29405
The go command may execute arbitrary code at build time when using cgo ...
GHSA-68g3-2p3g-w9pq
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.
SUSE-SU-2023:2526-1
Security update for go1.20
SUSE-SU-2023:2525-1
Security update for go1.19
RLSA-2023:3923
Critical: go-toolset and golang security update
ELSA-2023-3923
ELSA-2023-3923: go-toolset and golang security update (CRITICAL)
ELSA-2023-3922
ELSA-2023-3922: go-toolset:ol8 security update (CRITICAL)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2023-04160 Уязвимость расширения Cgo языка программирования Go, позволяющая нарушителю выполнить произвольный код | CVSS3: 9.8 | 0% Низкий | почти 3 года назад |
 | ROS-20231109-01 Множественные уязвимости golang | CVSS3: 9.8 | больше 2 лет назад | |
 | CVE-2023-29405 The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler. | CVSS3: 9.8 | 0% Низкий | почти 3 года назад |
 | CVE-2023-29405 The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler. | CVSS3: 7.5 | 0% Низкий | почти 3 года назад |
 | CVE-2023-29405 The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler. | CVSS3: 9.8 | 0% Низкий | почти 3 года назад |
 | CVE-2023-29405 Improper sanitization of LDFLAGS with embedded spaces in go command with cgo in cmd/go | CVSS3: 9.8 | 0% Низкий | около 1 месяца назад |
| CVE-2023-29405 The go command may execute arbitrary code at build time when using cgo ... | CVSS3: 9.8 | 0% Низкий | почти 3 года назад |
| GHSA-68g3-2p3g-w9pq The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler. | CVSS3: 9.8 | 0% Низкий | почти 3 года назад |
 | SUSE-SU-2023:2526-1 Security update for go1.20 | почти 3 года назад | ||
| SUSE-SU-2023:2525-1 Security update for go1.19 | почти 3 года назад | ||
 | RLSA-2023:3923 Critical: go-toolset and golang security update | больше 2 лет назад | ||
| ELSA-2023-3923 ELSA-2023-3923: go-toolset and golang security update (CRITICAL) | больше 2 лет назад | ||
| ELSA-2023-3922 ELSA-2023-3922: go-toolset:ol8 security update (CRITICAL) | больше 2 лет назад |
Уязвимостей на страницу