Vulnerability Report: GO-2024-2825

  • CVE-2024-24787
  • Affects: cmd/go
  • Published: May 08, 2024
  • Modified: May 20, 2024

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.

Affected Packages

  • Path
    Versions
    Symbols
  • cmd/go
    before go1.21.10, from go1.22.0-0 before go1.22.3
    all symbols

Aliases

References

Credits

  • Juho Forsén (Mattermost)

Feedback

See anything missing or incorrect? Suggest an edit to this report.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.