ld
by Apple Inc.
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-22867 | Hig | 0.42 | 7.5 | 0.01 | Feb 6, 2025 | On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the @executable_path, @loader_path, or @rpath special values in a "#cgo LDFLAGS" directive. This issue only affected go1.24rc2. | ||
| CVE-2024-24787 | Med | 0.35 | 6.4 | 0.01 | May 8, 2024 | On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive. |
- risk 0.42cvss 7.5epss 0.01
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the @executable_path, @loader_path, or @rpath special values in a "#cgo LDFLAGS" directive. This issue only affected go1.24rc2.
- risk 0.35cvss 6.4epss 0.01
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.