The go command may execute arbitrary... CVE-2023-29404

- AV AC AU C I A
发布: 2023-06-08
修订: 2023-11-25

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.

0%

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有3条受影响产品信息