The go command may execute arbitrary code at build time when using cgo on Windows. This can be triggered by running go get on a malicious module, or any other time the code is built.

CPENameOperatorVersion
toolchainge1.15.0-0
toolchainlt1.14.14
toolchainlt1.15.7

Name	Operator	Version
toolchain	ge	1.15.0-0
toolchain	lt	1.14.14
toolchain	lt	1.15.7

References

go.dev/cl/284780

go.dev/cl/284783

go.dev/issue/43783

go.googlesource.com/go/+/46e2e2e9d99925bbf724b12693c6d3e27a95d6a0

go.googlesource.com/go/+/953d1feca9b21af075ad5fc8a3dad096d3ccc3a0

groups.google.com/g/golang-announce/c/mperVMGa98w/m/yo5W5wnvAAAJ

nessus 17

osv 3

veracode 1

ubuntucve 1

cbl_mariner 1

alpinelinux 1

nvd 1

cvelist 1

prion 1

cve 1

debiancve 1

openvas 6

ibm 9

redhatcve 1

redhat 6

fedora 1

almalinux 1

suse 3

rocky 1

altlinux 2

archlinux 1

freebsd 1

amazon 1

oraclelinux 1

photon 2

gentoo 1

nessus

Photon OS 3.0: Go PHSA-2021-3.0-0200

2021-02-27 00:00:00

SUSE SLED15 / SLES15 Security Update : go1.14 (SUSE-SU-2021:0222-1)

2021-01-27 00:00:00

FreeBSD : go -- cmd/go: packages using cgo can cause arbitrary code execution at build time; crypto/elliptic: incorrect operations on the P-224 curve (6a4805d5-5aaf-11eb-a21d-79f5bc5ef6a9)

2021-01-20 00:00:00

osv

CVE-2021-3115

2021-01-26 18:16:27

BIT-golang-2021-3115

2024-03-06 11:05:46

Moderate: go-toolset:rhel8 security, bug fix, and enhancement update

2021-05-18 05:59:11

veracode

Arbitrary Code Execution

2021-01-22 08:28:18

ubuntucve

CVE-2021-3115

2021-01-26 00:00:00

cbl_mariner

CVE-2021-3115 affecting package python-tensorboard for versions less than 2.16.2-1

2024-05-17 21:38:35

alpinelinux

CVE-2021-3115

2021-01-26 18:16:27

nvd

CVE-2021-3115

2021-01-26 18:16:27

cvelist

CVE-2021-3115

2021-01-26 02:14:51

prion

Command injection

2021-01-26 18:16:00

cve

CVE-2021-3115

2021-01-26 18:16:27

debiancve

CVE-2021-3115

2021-01-26 18:16:27

openvas

SUSE: Security Advisory (SUSE-SU-2021:0222-1)

2021-04-19 00:00:00

openSUSE: Security Advisory for go1.15 (openSUSE-SU-2021:0192-1)

2021-04-16 00:00:00

openSUSE: Security Advisory for go1.14 (openSUSE-SU-2021:0194-1)

2021-04-16 00:00:00

ibm

Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for its use of Golang Go

2021-08-18 19:05:21

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go

2021-06-30 17:54:09

Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Go vulnerabilities (CVE-2021-3114 and CVE-2021-3115)

2021-03-23 15:52:25

redhatcve

CVE-2021-3115

2021-01-21 15:05:15

redhat

(RHSA-2021:1339) Moderate: Release of OpenShift Serverless Client kn 1.14.0 and security update

2021-04-22 17:57:04

(RHSA-2021:1746) Moderate: go-toolset:rhel8 security, bug fix, and enhancement update

2021-05-18 05:59:11

(RHSA-2021:2093) Moderate: Release of OpenShift Serverless 1.14.1 security update

2021-05-24 12:19:02

fedora

[SECURITY] Fedora 33 Update: golang-1.15.7-1.fc33

2021-02-06 01:18:16

almalinux

Moderate: go-toolset:rhel8 security, bug fix, and enhancement update

2021-05-18 05:59:11

suse

Security update for go1.15 (moderate)

2021-01-29 00:00:00

Security update for go1.14 (moderate)

2021-01-29 00:00:00

Security update for go1.14 (moderate)

2021-01-30 00:00:00

rocky

go-toolset:rhel8 security, bug fix, and enhancement update

2021-05-18 05:59:11

altlinux

Security fix for the ALT Linux 10 package golang version 1.15.7-alt1

2021-01-20 00:00:00

Security fix for the ALT Linux 9 package golang version 1.15.7-alt1

2021-01-20 00:00:00

archlinux

[ASA-202101-27] go: multiple issues

2021-01-20 00:00:00

freebsd

go -- cmd/go: packages using cgo can cause arbitrary code execution at build time; crypto/elliptic: incorrect operations on the P-224 curve

2021-01-13 00:00:00

amazon

Medium: golang

2021-02-19 01:24:00

oraclelinux

go-toolset:ol8 security, bug fix, and enhancement update

2021-05-25 00:00:00

photon

Important Photon OS Security Update - PHSA-2021-0200

2021-02-27 00:00:00

Critical Photon OS Security Update - PHSA-2021-3.0-0200

2021-02-27 00:00:00

gentoo

Go: Multiple Vulnerabilities

2022-08-04 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.9 High

AI Score

Confidence

High

0.017 Low

EPSS

Percentile

88.0%

JSON

Related for OSV:GO-2021-0068