Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Products
Go programming language
Source
security@golang.org
Tags
CVE-2024-24787 details
Published : May 8, 2024, 4:15 p.m.
Last Modified : May 8, 2024, 5:05 p.m.
Last Modified : May 8, 2024, 5:05 p.m.
Description
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
References
| URL | Source |
|---|---|
| https://go.dev/cl/583815 | security@golang.org |
| https://go.dev/issue/67119 | security@golang.org |
| https://groups.google.com/g/golang-announce/c/wkkO4P9stm0 | security@golang.org |
| https://pkg.go.dev/vuln/GO-2024-2825 | security@golang.org |
This website uses the NVD API, but is not approved or certified by it.