CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
81.0%
The go command may generate unexpected code at build time when using cgo.
This may result in unexpected behavior when running a go program which uses
cgo. This may occur when running an untrusted module which contains
directories with newline characters in their names. Modules which are
retrieved using the go command, i.e. via โgo getโ, are not affected
(modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be
affected).
Author | Note |
---|---|
mdeslaur | Packages built using golang need to be rebuilt once the vulnerability has been fixed. This CVE entry does not list packages that need rebuilding outside of the main repository or the Ubuntu variants with PPA overlays. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | golang-1.10 | <ย any | UNKNOWN |
ubuntu | 14.04 | noarch | golang-1.10 | <ย any | UNKNOWN |
ubuntu | 16.04 | noarch | golang-1.10 | <ย any | UNKNOWN |
ubuntu | 18.04 | noarch | golang-1.13 | <ย any | UNKNOWN |
ubuntu | 20.04 | noarch | golang-1.13 | <ย any | UNKNOWN |
ubuntu | 22.04 | noarch | golang-1.13 | <ย any | UNKNOWN |
ubuntu | 16.04 | noarch | golang-1.13 | <ย any | UNKNOWN |
ubuntu | 20.04 | noarch | golang-1.14 | <ย any | UNKNOWN |
ubuntu | 18.04 | noarch | golang-1.16 | <ย any | UNKNOWN |
ubuntu | 20.04 | noarch | golang-1.16 | <ย any | UNKNOWN |
github.com/golang/go/commit/c0ed873cd8259f16d0da67eee783fda49f45ef61 (go1.20.5)
github.com/golang/go/commit/c160b49b6d328c86bd76ca2fff9009a71347333f (go.1.19.10)
github.com/golang/go/issues/60167
groups.google.com/g/golang-announce/c/q5135a9d924
launchpad.net/bugs/cve/CVE-2023-29402
nvd.nist.gov/vuln/detail/CVE-2023-29402
security-tracker.debian.org/tracker/CVE-2023-29402
www.cve.org/CVERecord?id=CVE-2023-29402