Unrated severityNVD Advisory· Published Nov 18, 2020· Updated Aug 4, 2024
Arbitrary code execution via the go command with cgo in cmd/go
CVE-2020-28367
Description
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
11- osv-coords10 versionspkg:bitnami/golangpkg:rpm/opensuse/go1.14&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/go1.14&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/go1.14&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/go1.15&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/go1.15&distro=openSUSE%20Tumbleweedpkg:rpm/suse/go1.14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1pkg:rpm/suse/go1.14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2pkg:rpm/suse/go1.15&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1pkg:rpm/suse/go1.15&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2
< 1.14.12+ 9 more
- (no CPE)range: < 1.14.12
- (no CPE)range: < 1.14.12-lp151.22.1
- (no CPE)range: < 1.14.12-lp152.2.12.1
- (no CPE)range: < 1.14.15-1.6
- (no CPE)range: < 1.15.5-lp152.2.1
- (no CPE)range: < 1.15.15-1.2
- (no CPE)range: < 1.14.12-1.26.1
- (no CPE)range: < 1.14.12-1.26.1
- (no CPE)range: < 1.15.5-1.11.1
- (no CPE)range: < 1.15.5-1.11.1
- Go toolchain/cmd/gov5Range: 0
Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.