Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-39323

Good to know:

icon

Date: October 5, 2023

Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.

Language: Go

Severity Score

Related Resources (13)

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/
https://security.netapp.com/advisory/ntap-20231020-0001/
https://security.gentoo.org/glsa/202311-09
https://pkg.go.dev/vuln/GO-2023-2095
https://groups.google.com/g/golang-announce/c/XBa1oHDevAo
https://access.redhat.com/security/cve/CVE-2023-39323
https://go.dev/cl/533215
https://nvd.nist.gov/vuln/detail/CVE-2023-39323
https://security-tracker.debian.org/tracker/CVE-2023-39323
https://go.dev/issue/63211
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/
https://www.mend.io/vulnerability-database/CVE-2023-39323

Severity Score

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Top Fix

icon

Upgrade Version

Upgrade to version go1.20.9,go1.21.2

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us