CVE-2024-24787

May 8, 2024, 5:05 p.m.

Product(s) Impacted

Go programming language

Description

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.

Weaknesses

Date

Published: May 8, 2024, 4:15 p.m.

Last Modified: May 8, 2024, 5:05 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

security@golang.org

References

https://go.dev/cl/583815

security@golang.org

https://go.dev/issue/67119

security@golang.org

https://groups.google.com/g/golang-announce/c/wkkO4P9stm0

security@golang.org

https://pkg.go.dev/vuln/GO-2024-2825

security@golang.org

CVE-2024-24787

Tags

Product(s) Impacted

Description

Weaknesses

Date

Status : Awaiting Analysis

Source

References

Share