Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.

References

go.dev/cl/269658

go.dev/issue/42559

go.googlesource.com/go/+/062e0e5ce6df339dc26732438ad771f73dbf2292

groups.google.com/g/golang-announce/c/NpBGTTmKzpM

pkg.go.dev/vuln/GO-2022-0475

ubuntucve 1

debiancve 1

cbl_mariner 2

cve 1

redhatcve 1

osv 4

alpinelinux 1

prion 1

cvelist 1

nvd 1

nessus 24

veracode 1

openvas 11

mageia 1

photon 3

ibm 11

fedora 2

amazon 2

suse 3

freebsd 1

altlinux 2

archlinux 1

redhat 4

oraclelinux 1

almalinux 1

gentoo 1

ubuntucve

CVE-2020-28366

2020-11-18 00:00:00

debiancve

CVE-2020-28366

2020-11-18 17:15:11

cbl_mariner

CVE-2020-28366 affecting package python-tensorboard for versions less than 2.16.2-1

2024-05-17 21:38:35

CVE-2020-28366 affecting package golang 1.13.15-2

2021-07-08 21:56:48

cve

CVE-2020-28366

2020-11-18 17:15:11

redhatcve

CVE-2020-28366

2020-11-13 18:12:22

osv

Arbitrary code execution in go command with cgo in cmd/go and cmd/cgo

2022-07-28 17:24:30

BIT-golang-2020-28366

2024-03-06 11:07:42

go1.14-1.14.15-1.6 on GA media

2024-06-15 00:00:00

alpinelinux

CVE-2020-28366

2020-11-18 17:15:11

prion

Code injection

2020-11-18 17:15:00

cvelist

CVE-2020-28366 Arbitrary code execution in go command with cgo in cmd/go and cmd/cgo

2020-11-18 00:00:00

nvd

CVE-2020-28366

2020-11-18 17:15:11

nessus

EulerOS 2.0 SP3 : golang (EulerOS-SA-2021-2582)

2021-10-25 00:00:00

Photon OS 3.0: Go PHSA-2020-3.0-0173

2020-12-10 00:00:00

EulerOS 2.0 SP8 : golang (EulerOS-SA-2021-1144)

2021-02-01 00:00:00

veracode

Arbitrary Code Execution

2021-01-15 05:03:32

openvas

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2021-2582)

2021-10-26 00:00:00

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2021-1144)

2021-02-02 00:00:00

Mageia: Security Advisory (MGASA-2021-0018)

2022-01-28 00:00:00

mageia

Updated golang packages fix security vulnerabilities

2021-01-10 22:46:12

photon

Important Photon OS Security Update - PHSA-2020-0173

2020-12-09 00:00:00

Important Photon OS Security Update - PHSA-2020-3.0-0173

2020-12-09 00:00:00

Critical Photon OS Security Update - PHSA-2022-0476

2022-03-03 00:00:00

ibm

Security Bulletin: IBM MQ certified container software is vulnerable to multiple vulnerabilities within Golang Go (CVE-2020-28367, CVE-2020-28366)

2021-02-02 16:56:07

Security Bulletin: IBM Event Streams is affected by multiple Go vulnerabilities

2021-01-15 14:41:11

Security Bulletin: Security vulnerabilities in Go affect IBM Cloud Pak for Multicloud Management Hybrid GRC.

2021-02-25 18:35:58

fedora

[SECURITY] Fedora 32 Update: golang-1.14.13-1.fc32

2020-12-16 01:27:45

[SECURITY] Fedora 33 Update: golang-1.15.5-1.fc33

2020-11-23 01:08:21

amazon

Medium: golang

2021-01-12 22:52:00

Medium: golang

2021-01-05 23:34:00

suse

Security update for go1.14 (moderate)

2020-11-27 00:00:00

Security update for go1.14 (moderate)

2020-11-26 00:00:00

Security update for go1.15 (moderate)

2020-12-01 00:00:00

freebsd

go -- math/big: panic during recursive division of very large numbers; cmd/go: arbitrary code execution at build time through cgo

2020-11-09 00:00:00

altlinux

Security fix for the ALT Linux 10 package golang version 1.15.5-alt1

2020-11-14 00:00:00

Security fix for the ALT Linux 9 package golang version 1.15.5-alt1

2020-11-14 00:00:00

archlinux

[ASA-202011-16] go: multiple issues

2020-11-17 00:00:00

redhat

(RHSA-2020:5333) Moderate: go-toolset-1.14-golang security update

2020-12-03 10:58:57

(RHSA-2020:5493) Moderate: go-toolset:rhel8 security update

2020-12-15 16:02:27

(RHSA-2021:0145) Moderate: Red Hat OpenShift Serverless Client kn 1.12.0

2021-01-14 13:24:15

oraclelinux

go-toolset:ol8 security update

2020-12-22 00:00:00

almalinux

Moderate: go-toolset:rhel8 security update

2020-12-15 16:02:27

gentoo

Go: Multiple Vulnerabilities

2022-08-04 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

AI Score

7.8

Confidence

Low

EPSS

0.01

Percentile

84.1%

JSON

Related for OSV:CVE-2020-28366