Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-39323

Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.

Published

2023-10-05T21:15:11.283

Last Modified

2025-06-12T16:15:20.520

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	golang	go	< 1.20.9	Yes
Application	golang	go	< 1.21.2	Yes
Operating System	fedoraproject	fedora	37	Yes
Operating System	fedoraproject	fedora	38	Yes
Operating System	fedoraproject	fedora	39	Yes

References

https://go.dev/cl/533215 Patch ([email protected])
https://go.dev/issue/63211 Issue Tracking, Patch ([email protected])
https://groups.google.com/g/golang-announce/c/XBa1oHDevAo Mailing List, Release Notes ([email protected])
https://lists.fedoraproject.org/archives/list/[email protected]/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/[email protected]/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/[email protected]/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ Mailing List, Third Party Advisory ([email protected])
https://pkg.go.dev/vuln/GO-2023-2095 Vendor Advisory ([email protected])
https://security.gentoo.org/glsa/202311-09 Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20231020-0001/ Third Party Advisory ([email protected])
https://go.dev/cl/533215 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://go.dev/issue/63211 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://groups.google.com/g/golang-announce/c/XBa1oHDevAo Mailing List, Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://pkg.go.dev/vuln/GO-2023-2095 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202311-09 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20231020-0001/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)