CVE-2023-29402

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-29402

Severity

9.8

Critical

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Description

The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected).

References

https://nvd.nist.gov/vuln/detail/CVE-2023-29402
https://github.com/advisories/GHSA-f2cj-5636-4j38
https://pkg.go.dev/vuln/GO-2023-1839
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZ2O6YCO2IZMZJELQGZYR2WAUNEDLYV6/
https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ
https://security.gentoo.org/glsa/202311-09
https://security.netapp.com/advisory/ntap-20241213-0004/
https://go.dev/issue/60167
https://go.dev/cl/501226
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBS3IIK6ADV24C5ULQU55QLT2UE762ZX/

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2023-29402

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company