Lucene search
Alpine Linux Development TeamALPINE:CVE-2024-24787HistoryMay 08, 2024 - 4:15 p.m.
CVE-2024-24787
2024-05-0816:15:08
Alpine Linux Development Team
security.alpinelinux.org
13
darwin
go module
cgo
apple version
ld
-lto_library flag
cgo ldflags
arbitrary code execution
CVSS3
6.4
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
6.9
Confidence
Low
EPSS
0
Percentile
10.3%
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a “#cgo LDFLAGS” directive.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | edge-community | noarch | go | < 0 | UNKNOWN |
| Alpine | 3.19-community | noarch | go | < 0 | UNKNOWN |
| Alpine | 3.20-community | noarch | go | < 0 | UNKNOWN |
Related
osv
osv
CGA-846h-2r7r-7xg8
2024-06-06 12:25:07
CGA-g6hc-66fp-624v
2024-06-06 12:25:57
CGA-h3f3-3g2h-xfxr
2024-06-06 12:27:36
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.21 (SUSE-SU-2024:1588-1)
2024-05-11 00:00:00
Golang < 1.21.10, 1.22.x < 1.22.3 Code Execution
2024-05-13 00:00:00
debiancve
debiancve
CVE-2024-24787
2024-05-08 16:15:08
CVSS3
6.4
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
6.9
Confidence
Low
EPSS
0
Percentile
10.3%
Related for ALPINE:CVE-2024-24787