CVE-2024-24787

Name: CVE-2024-24787
Description: On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.
NVD Severity: unknown

References

| Type | URI |
|---|---|
| security@golang.org | https://go.dev/cl/583815 |
| security@golang.org | https://go.dev/issue/67119 |
| security@golang.org | https://groups.google.com/g/golang-announce/c/wkkO4P9stm0 |
| security@golang.org | https://pkg.go.dev/vuln/GO-2024-2825 |
| | https://security.netapp.com/advisory/ntap-20240531-0006/ |
| | http://www.openwall.com/lists/oss-security/2024/05/08/3 |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| | cmd/go | >= 0 | < 1.21.10 |
| | cmd/go | >= 1.22.0-0 | < 1.22.3 |

Vulnerable and fixed packages

Source package Branch Version Maintainer Status