Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2020-28366

UNKNOWN
Published 2020-11-18T00:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2020-28366. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Go toolchain

cmd/go

Affected Versions:

0 1.15.0-0
Go toolchain

cmd/cgo

Affected Versions:

0 1.15.0-0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed CRITICAL

GHSA-mwfg-6wv9-379f

Advisory Details

Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection.

CVSS Scoring

CVSS Score

9.0

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-28366
WEB https://github.com/golang/go/issues/42559
WEB https://go.dev/cl/269658
WEB https://go.dev/issue/42559
WEB https://go.googlesource.com/go/+/062e0e5ce6df339dc26732438ad771f73dbf2292
WEB https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM
WEB https://lists.apache.org/thread.html/rd02e75766cd333a0df417588460f5e4477060633000bfe94955851fd@%3Cissues.trafficcontrol.apache.org%3E
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/F3ZSHGNTJWCWYAKY5OLZS2XQQYHSXSUO
WEB https://pkg.go.dev/vuln/GO-2022-0475
WEB https://security.gentoo.org/glsa/202208-02
WEB https://security.netapp.com/advisory/ntap-20201202-0004

Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: August 5, 2022

References

https://go.dev/cl/269658
https://go.googlesource.com/go/+/062e0e5ce6df339dc26732438ad771f73dbf2292
https://go.dev/issue/42559
https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM
https://pkg.go.dev/vuln/GO-2022-0475
Published: 2020-11-18T00:00:00
Last Modified: 2024-08-04T16:33:58.955Z
Copied to clipboard!