Home > Vulnerability Database > CVE-2023-29402

Mend.io Vulnerability Database

CVE-2023-29402

Date: June 8, 2023

The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected).

Language: Go

Severity Score

9.8

Related Resources (12)

Url: https://go.dev/cl/501226

Url: https://pkg.go.dev/vuln/GO-2023-1839

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZ2O6YCO2IZMZJELQGZYR2WAUNEDLYV6/

Url: https://security-tracker.debian.org/tracker/CVE-2023-29402

Url: https://security.gentoo.org/glsa/202311-09

Url: https://security.netapp.com/advisory/ntap-20241213-0004/

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-29402

Url: https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ

Url: https://access.redhat.com/security/cve/CVE-2023-29402

Url: https://go.dev/issue/60167

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBS3IIK6ADV24C5ULQU55QLT2UE762ZX/

Url: https://www.mend.io/vulnerability-database/CVE-2023-29402

Severity Score

9.8

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-29402

Date: June 8, 2023

Language: Go

Severity Score

Related Resources (12)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?