CVE-2024-24787

May 8, 2024, 5:05 p.m.

Product(s) Impacted

Go programming language

Description

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.

Weaknesses

Date

Published: May 8, 2024, 4:15 p.m.

Last Modified: May 8, 2024, 5:05 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

security@golang.org

References