VYPR

ld

by Apple Inc.

CVEs (2)

  • CVE-2025-22867HigFeb 6, 2025
    risk 0.42cvss 7.5epss 0.01

    On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the @executable_path, @loader_path, or @rpath special values in a "#cgo LDFLAGS" directive. This issue only affected go1.24rc2.

  • CVE-2024-24787MedMay 8, 2024
    risk 0.35cvss 6.4epss 0.01

    On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.