 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2020-28367 |
| Description: | Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. |
| Test IDs: | 1.3.6.1.4.1.25623.1.0.892460 1.3.6.1.4.1.25623.1.1.1.2.2023.3395 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-28367 https://go.dev/cl/267277 https://go.dev/cl/267277 https://go.dev/issue/42556 https://go.dev/issue/42556 https://go.googlesource.com/go/+/da7aa86917811a571e6634b45a457f918b8e6561 https://go.googlesource.com/go/+/da7aa86917811a571e6634b45a457f918b8e6561 https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html https://pkg.go.dev/vuln/GO-2022-0476 https://pkg.go.dev/vuln/GO-2022-0476 |