CVE-2024-24787
May 8, 2024, 5:05 p.m.
Tags
Product(s) Impacted
Go programming language
Description
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.
Weaknesses
Date
Published: May 8, 2024, 4:15 p.m.
Last Modified: May 8, 2024, 5:05 p.m.
Status : Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
More infoSource
security@golang.org
References
https://go.dev/
security@golang.org
https://go.dev/
security@golang.org
https://groups.google.com/
security@golang.org
https://pkg.go.dev/
security@golang.org