cve-2023-39323
Vulnerability from cvelistv5
Published
2023-10-05 20:36
Modified
2024-08-02 18:02
Summary
Arbitrary code execution during build via line directives in cmd/go
References
Impacted products
| Vendor | Product |
|---|---|
| Go toolchain | cmd/go |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:02:06.899Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/63211" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/533215" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2023-2095" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231020-0001/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202311-09" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "cmd/go", "product": "cmd/go", "vendor": "Go toolchain", "versions": [ { "lessThan": "1.20.9", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.21.2", "status": "affected", "version": "1.21.0-0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". 
The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE 94: Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-05T20:36:58.756Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/issue/63211" }, { "url": "https://go.dev/cl/533215" }, { "url": "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo" }, { "url": "https://pkg.go.dev/vuln/GO-2023-2095" }, { "url": "https://security.netapp.com/advisory/ntap-20231020-0001/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/" }, { "url": "https://security.gentoo.org/glsa/202311-09" } ], "title": "Arbitrary code execution during build via line directives in cmd/go" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2023-39323", "datePublished": "2023-10-05T20:36:58.756Z", "dateReserved": "2023-07-27T17:05:55.188Z", "dateUpdated": "2024-08-02T18:02:06.899Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-39323\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2023-10-05T21:15:11.283\",\"lastModified\":\"2024-01-04T18:04:15.457\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Line directives (\\\"//line\\\") can be used to bypass the restrictions on \\\"//go:cgo_\\\" 
directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \\\"go build\\\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.\"},{\"lang\":\"es\",\"value\":\"Las directivas de l\u00ednea (\\\"//line\\\") se pueden utilizar para evitar las restricciones de las directivas \\\"//go:cgo_\\\", permitiendo que se pasen indicadores bloqueados del enlazador y del compilador durante la compilaci\u00f3n. Esto puede provocar la ejecuci\u00f3n inesperada de c\u00f3digo arbitrario al ejecutar \\\"go build\\\". La directiva de l\u00ednea requiere la ruta absoluta del archivo en el que se encuentra la directiva, lo que hace que explotar este problema sea significativamente m\u00e1s complejo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.20.9\",\"matchCriteriaId\":\"84851C3D-3035-457E-96D9-48E219817D58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.21.0\",\"versionEndExcluding\":\"1.21.2\",\"matchCriteriaId\":\"7381A279-81EB-48D9-8065-C733FA8736B
8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/533215\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/63211\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/XBa1oHDevAo\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Release Notes\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2023-2095\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-09\",\"source\":\"security@golang.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231020-0001/\",\"source\":\"security@golang.org\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
wid-sec-w-2023-2516
Vulnerability from csaf_certbund
Published
2023-09-28 22:00
Modified
2024-03-03 23:00
Summary
Golang Go: Multiple vulnerabilities
Notes
As a provider, the BSI is responsible under the general laws for its own content made available for use. Users are, however, responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description
Go is an open-source programming language.
Attack
An attacker can exploit a vulnerability in Golang Go to carry out an unspecified attack.
Affected operating systems
- Linux
- MacOS X
- Windows
- Other
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Go ist eine quelloffene Programmiersprache.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer kann eine Schwachstelle in Golang Go ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- MacOS X\n- Windows\n- Sonstiges", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2516 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2516.json" }, { "category": "self", "summary": "WID-SEC-2023-2516 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2516" }, { "category": "external", "summary": "Golang Security Advisory vom 2023-09-28", "url": "https://groups.google.com/g/golang-announce/c/2dWHvJVFA9s/m/lF9Srr_QAAAJ" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2023:4017-1 vom 2023-10-09", "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016574.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2023:4018-1 vom 
2023-10-09", "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016573.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2023-1871 vom 2023-10-19", "url": "https://alas.aws.amazon.com/ALAS-2023-1871.html" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2023-FE53E13B5B vom 2023-10-20", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-fe53e13b5b" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASECS-2023-016 vom 2023-11-01", "url": "https://alas.aws.amazon.com/AL2/ALASECS-2023-016.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2023:4472-1 vom 2023-11-16", "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017047.html" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-EPEL-2023-1C906D04EE vom 2023-11-24", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-1c906d04ee" }, { "category": "external", "summary": "Gentoo Linux Security Advisory GLSA-202311-09 vom 2023-11-25", "url": "https://security.gentoo.org/glsa/202311-09" }, { "category": "external", "summary": "IBM Security Bulletin 7104449 vom 2024-01-02", "url": "https://www.ibm.com/support/pages/node/7104449" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6574-1 vom 2024-01-11", "url": "https://ubuntu.com/security/notices/USN-6574-1" }, { "category": "external", "summary": "Splunk Security Advisory SVD-2024-0109 vom 2024-01-22", "url": "https://advisory.splunk.com//advisories/SVD-2024-0109" }, { "category": "external", "summary": "XEROX Security Advisory XRX24-004 vom 2024-03-04", "url": "https://security.business.xerox.com/wp-content/uploads/2024/03/Xerox%C2%AE-Security-Bulletin-XRX24-004-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v7.pdf" }, { "category": "external", "summary": "XEROX Security Advisory XRX24-005 vom 2024-03-04", "url": 
"https://security.business.xerox.com/wp-content/uploads/2024/03/Xerox-Security-Bulletin-XRX24-005-Xerox-FreeFlow%C2%AE-Print-Server-v9_Feb-2024.pdf" } ], "source_lang": "en-US", "title": "Golang Go: Mehre Schwachstellen", "tracking": { "current_release_date": "2024-03-03T23:00:00.000+00:00", "generator": { "date": "2024-03-04T09:06:46.505+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-2516", "initial_release_date": "2023-09-28T22:00:00.000+00:00", "revision_history": [ { "date": "2023-09-28T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-10-08T22:00:00.000+00:00", "number": "2", "summary": "Referenz(en) aufgenommen: GO-2023-2095, 2242544" }, { "date": "2023-10-09T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2023-10-19T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2023-10-22T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Fedora aufgenommen" }, { "date": "2023-11-01T23:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2023-11-16T23:00:00.000+00:00", "number": "7", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2023-11-23T23:00:00.000+00:00", "number": "8", "summary": "Neue Updates von Fedora aufgenommen" }, { "date": "2023-11-26T23:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Gentoo aufgenommen" }, { "date": "2024-01-02T23:00:00.000+00:00", "number": "10", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2024-01-10T23:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-01-22T23:00:00.000+00:00", "number": "12", "summary": "Neue Updates von Splunk-SVD aufgenommen" }, { "date": "2024-03-03T23:00:00.000+00:00", "number": "13", "summary": "Neue Updates von XEROX aufgenommen" } ], "status": "final", "version": "13" } }, "product_tree": { 
"branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Fedora Linux", "product": { "name": "Fedora Linux", "product_id": "74185", "product_identification_helper": { "cpe": "cpe:/o:fedoraproject:fedora:-" } } } ], "category": "vendor", "name": "Fedora" }, { "branches": [ { "category": "product_name", "name": "Gentoo Linux", "product": { "name": "Gentoo Linux", "product_id": "T012167", "product_identification_helper": { "cpe": "cpe:/o:gentoo:linux:-" } } } ], "category": "vendor", "name": "Gentoo" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c 1.21.2", "product": { "name": "Golang Go \u003c 1.21.2", "product_id": "T030161", "product_identification_helper": { "cpe": "cpe:/a:golang:go:1.21.2" } } }, { "category": "product_version_range", "name": "\u003c 1.20.9", "product": { "name": "Golang Go \u003c 1.20.9", "product_id": "T030162", "product_identification_helper": { "cpe": "cpe:/a:golang:go:1.20.9" } } } ], "category": "product_name", "name": "Go" } ], "category": "vendor", "name": "Golang" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "REST \u003c 1.0.0.1158-amd64", "product": { "name": "IBM DB2 REST \u003c 1.0.0.1158-amd64", "product_id": "T031843", "product_identification_helper": { "cpe": "cpe:/a:ibm:db2:rest__1.0.0.1158-amd64" } } } ], "category": "product_name", "name": "DB2" } ], "category": "vendor", "name": "IBM" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "branches": [ { "category": 
"product_version_range", "name": "\u003c 9.0.8", "product": { "name": "Splunk Splunk Enterprise \u003c 9.0.8", "product_id": "T032269", "product_identification_helper": { "cpe": "cpe:/a:splunk:splunk:9.0.8" } } }, { "category": "product_version_range", "name": "\u003c 9.1.3", "product": { "name": "Splunk Splunk Enterprise \u003c 9.1.3", "product_id": "T032270", "product_identification_helper": { "cpe": "cpe:/a:splunk:splunk:9.1.3" } } } ], "category": "product_name", "name": "Splunk Enterprise" } ], "category": "vendor", "name": "Splunk" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "v7", "product": { "name": "Xerox FreeFlow Print Server v7", "product_id": "T015631", "product_identification_helper": { "cpe": "cpe:/a:xerox:freeflow_print_server:v7" } } }, { "category": "product_version", "name": "v9", "product": { "name": "Xerox FreeFlow Print Server v9", "product_id": "T015632", "product_identification_helper": { "cpe": "cpe:/a:xerox:freeflow_print_server:v9" } } } ], "category": "product_name", "name": "FreeFlow Print Server" } ], "category": "vendor", "name": "Xerox" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-39324", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Golang Go, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." 
} ], "product_status": { "known_affected": [ "T032269", "T002207", "T031843", "T000126", "398363", "T015632", "T032270", "T012167", "T015631", "74185" ] }, "release_date": "2023-09-28T22:00:00Z", "title": "CVE-2023-39324" }, { "cve": "CVE-2023-39323", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Golang Go, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T032269", "T002207", "T031843", "T000126", "398363", "T015632", "T032270", "T012167", "T015631", "74185" ] }, "release_date": "2023-09-28T22:00:00Z", "title": "CVE-2023-39323" } ] }
ghsa-679v-hh23-h5jh
Vulnerability from github
Published
2023-10-05 21:30
Modified
2023-11-04 00:30
Details
Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.
{ "affected": [], "aliases": [ "CVE-2023-39323" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-10-05T21:15:11Z", "severity": "CRITICAL" }, "details": "Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", "id": "GHSA-679v-hh23-h5jh", "modified": "2023-11-04T00:30:21Z", "published": "2023-10-05T21:30:46Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39323" }, { "type": "WEB", "url": "https://go.dev/cl/533215" }, { "type": "WEB", "url": "https://go.dev/issue/63211" }, { "type": "WEB", "url": "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2" }, { "type": "WEB", "url": "https://pkg.go.dev/vuln/GO-2023-2095" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/202311-09" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20231020-0001" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
rhea-2023_7311
Vulnerability from csaf_redhat
Published
2023-11-16 07:58
Modified
2024-11-05 16:10
Summary
Red Hat Enhancement Advisory: go-toolset-container bug fix and enhancement update
Notes
Topic
An update for go-toolset-container is now available for Red Hat Enterprise Linux 8.
Details
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for go-toolset-container is now available for Red Hat Enterprise Linux 8.", "title": "Topic" }, { "category": "general", "text": "For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHEA-2023:7311", "url": "https://access.redhat.com/errata/RHEA-2023:7311" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index" }, { "category": "external", "summary": "2235856", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235856" }, { "category": "self", "summary": "Canonical URL", "url": 
"https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhea-2023_7311.json" } ], "title": "Red Hat Enhancement Advisory: go-toolset-container bug fix and enhancement update", "tracking": { "current_release_date": "2024-11-05T16:10:20+00:00", "generator": { "date": "2024-11-05T16:10:20+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHEA-2023:7311", "initial_release_date": "2023-11-16T07:58:05+00:00", "revision_history": [ { "date": "2023-11-16T07:58:05+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-11-16T07:58:05+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T16:10:20+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.9.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "product": { "name": "ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "product_id": "ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "product_identification_helper": { "purl": "pkg:oci/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5?arch=amd64\u0026repository_url=registry.redhat.io/ubi8/go-toolset\u0026tag=1.20.10-3" } } }, { "category": "product_version", "name": "rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "product": { "name": 
"rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "product_id": "rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "product_identification_helper": { "purl": "pkg:oci/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5?arch=amd64\u0026repository_url=registry.redhat.io/rhel8/go-toolset\u0026tag=1.20.10-3" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "product": { "name": "ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "product_id": "ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "product_identification_helper": { "purl": "pkg:oci/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9?arch=s390x\u0026repository_url=registry.redhat.io/ubi8/go-toolset\u0026tag=1.20.10-3" } } }, { "category": "product_version", "name": "rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "product": { "name": "rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "product_id": "rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "product_identification_helper": { "purl": "pkg:oci/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9?arch=s390x\u0026repository_url=registry.redhat.io/rhel8/go-toolset\u0026tag=1.20.10-3" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "product": { "name": 
"ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "product_id": "ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "product_identification_helper": { "purl": "pkg:oci/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015?arch=ppc64le\u0026repository_url=registry.redhat.io/ubi8/go-toolset\u0026tag=1.20.10-3" } } }, { "category": "product_version", "name": "rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "product": { "name": "rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "product_id": "rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "product_identification_helper": { "purl": "pkg:oci/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015?arch=ppc64le\u0026repository_url=registry.redhat.io/rhel8/go-toolset\u0026tag=1.20.10-3" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", "product": { "name": "ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", "product_id": "ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", "product_identification_helper": { "purl": "pkg:oci/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a?arch=arm64\u0026repository_url=registry.redhat.io/ubi8/go-toolset\u0026tag=1.20.10-3" } } }, { "category": "product_version", "name": "rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", "product": { "name": "rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", "product_id": 
"rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", "product_identification_helper": { "purl": "pkg:oci/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a?arch=arm64\u0026repository_url=registry.redhat.io/rhel8/go-toolset\u0026tag=1.20.10-3" } } } ], "category": "architecture", "name": "arm64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le" }, "product_reference": "rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "relates_to_product_reference": "AppStream-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x" }, "product_reference": "rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "relates_to_product_reference": "AppStream-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64 as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64" }, "product_reference": "rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "relates_to_product_reference": "AppStream-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64" }, "product_reference": "rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", "relates_to_product_reference": "AppStream-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le" }, "product_reference": "ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "relates_to_product_reference": "AppStream-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x" }, "product_reference": "ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "relates_to_product_reference": "AppStream-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64" }, "product_reference": "ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "relates_to_product_reference": "AppStream-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64" }, "product_reference": "ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", "relates_to_product_reference": "AppStream-8.9.0.GA" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-39323", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "discovery_date": "2023-10-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2242544" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang cmd/go standard library. A line directive (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to pass during compilation. 
This can result in the unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: cmd/go: line directives allows arbitrary execution during build", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-39323" }, { "category": "external", "summary": "RHBZ#2242544", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242544" }, { "category": "external", "summary": 
"https://www.cve.org/CVERecord?id=CVE-2023-39323", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39323" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39323", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39323" }, { "category": "external", "summary": "https://go.dev/cl/533215", "url": "https://go.dev/cl/533215" }, { "category": "external", "summary": "https://go.dev/issue/63211", "url": "https://go.dev/issue/63211" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo", "url": "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo" }, { "category": "external", "summary": "https://vuln.go.dev/ID/GO-2023-2095.json", "url": "https://vuln.go.dev/ID/GO-2023-2095.json" } ], "release_date": "2023-10-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-16T07:58:05+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", 
"AppStream-8.9.0.GA:ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHEA-2023:7311" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: cmd/go: line directives allows arbitrary execution during build" } ] }
rhba-2023_6928
Vulnerability from csaf_redhat
Published
2023-11-14 16:04
Modified
2024-11-05 16:05
Summary
Red Hat Bug Fix Advisory: go-toolset:rhel8 bug fix and enhancement update
Notes
Topic
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.
Details
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.", "title": "Topic" }, { "category": "general", "text": "For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHBA-2023:6928", "url": "https://access.redhat.com/errata/RHBA-2023:6928" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index" }, { "category": "external", "summary": "2186495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186495" }, { "category": "external", "summary": "2226901", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2226901" }, { "category": "external", "summary": "2230599", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230599" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhba-2023_6928.json" } ], "title": "Red Hat Bug Fix Advisory: go-toolset:rhel8 bug fix and enhancement update", "tracking": { "current_release_date": "2024-11-05T16:05:47+00:00", "generator": { "date": "2024-11-05T16:05:47+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHBA-2023:6928", "initial_release_date": "2023-11-14T16:04:55+00:00", "revision_history": [ { "date": "2023-11-14T16:04:55+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-11-14T16:04:55+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T16:05:47+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { 
"branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.9.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "go-toolset:rhel8:8090020231013032436:26eb71ac", "product": { "name": "go-toolset:rhel8:8090020231013032436:26eb71ac", "product_id": "go-toolset:rhel8:8090020231013032436:26eb71ac", "product_identification_helper": { "purl": "pkg:rpmmod/redhat/go-toolset@rhel8:8090020231013032436:26eb71ac" } } }, { "category": "product_version", "name": "golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "product": { "name": "golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "product_id": "golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-docs@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=noarch" } } }, { "category": "product_version", "name": "golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "product": { "name": "golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "product_id": "golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-misc@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=noarch" } } }, { "category": "product_version", "name": "golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "product": { "name": "golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "product_id": "golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-src@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=noarch" } } }, { "category": "product_version", "name": 
"golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "product": { "name": "golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "product_id": "golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-tests@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "product": { "name": "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "product_id": "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/go-toolset@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=aarch64" } } }, { "category": "product_version", "name": "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "product": { "name": "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "product_id": "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=aarch64" } } }, { "category": "product_version", "name": "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "product": { "name": "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "product_id": "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-bin@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "product": { "name": "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "product_id": "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/go-toolset@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=src" } } }, { "category": "product_version", "name": "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "product": { "name": "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "product_id": "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=src" } } }, { "category": "product_version", "name": "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "product": { "name": "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "product_id": "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/delve@1.20.2-1.module%2Bel8.9.0%2B18926%2B5193682d?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "product": { "name": "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "product_id": "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/go-toolset@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=ppc64le" } } }, { "category": "product_version", "name": "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "product": { "name": "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "product_id": "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=ppc64le" } } }, { "category": "product_version", "name": "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "product": { "name": "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "product_id": "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/golang-bin@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "product": { "name": "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "product_id": "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/go-toolset@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=s390x" } } }, { "category": "product_version", "name": "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "product": { "name": "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "product_id": "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=s390x" } } }, { "category": "product_version", "name": "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "product": { "name": "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "product_id": "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-bin@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "product": { "name": "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "product_id": "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/delve@1.20.2-1.module%2Bel8.9.0%2B18926%2B5193682d?arch=x86_64" } } }, { "category": "product_version", "name": "delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "product": { "name": "delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "product_id": 
"delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/delve-debuginfo@1.20.2-1.module%2Bel8.9.0%2B18926%2B5193682d?arch=x86_64" } } }, { "category": "product_version", "name": "delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "product": { "name": "delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "product_id": "delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/delve-debugsource@1.20.2-1.module%2Bel8.9.0%2B18926%2B5193682d?arch=x86_64" } } }, { "category": "product_version", "name": "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "product": { "name": "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "product_id": "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/go-toolset@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=x86_64" } } }, { "category": "product_version", "name": "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "product": { "name": "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "product_id": "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=x86_64" } } }, { "category": "product_version", "name": "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "product": { "name": "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "product_id": "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-bin@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { 
"name": "go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac" }, "product_reference": "go-toolset:rhel8:8090020231013032436:26eb71ac", "relates_to_product_reference": "AppStream-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src" }, "product_reference": "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "relates_to_product_reference": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac" }, { "category": "default_component_of", "full_product_name": { "name": "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64" }, "product_reference": "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "relates_to_product_reference": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac" }, { "category": "default_component_of", "full_product_name": { "name": "delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64" }, "product_reference": "delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "relates_to_product_reference": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac" }, { "category": "default_component_of", "full_product_name": { "name": "delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64" }, "product_reference": "delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "relates_to_product_reference": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac" }, { "category": "default_component_of", "full_product_name": { "name": "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64" }, "product_reference": "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "relates_to_product_reference": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac" }, { "category": "default_component_of", "full_product_name": { "name": "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le" }, "product_reference": "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "relates_to_product_reference": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac" }, { "category": "default_component_of", "full_product_name": { "name": "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x" }, "product_reference": "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "relates_to_product_reference": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac" }, { "category": "default_component_of", "full_product_name": { "name": "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src" }, "product_reference": "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "relates_to_product_reference": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac" }, { "category": "default_component_of", "full_product_name": { "name": "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64" }, "product_reference": "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "relates_to_product_reference": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac" }, { "category": "default_component_of", "full_product_name": { "name": "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64" }, "product_reference": "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "relates_to_product_reference": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac" }, { "category": "default_component_of", "full_product_name": { "name": "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le" }, "product_reference": "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "relates_to_product_reference": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac" }, { "category": "default_component_of", "full_product_name": { "name": "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x" }, "product_reference": "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "relates_to_product_reference": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac" }, { "category": "default_component_of", "full_product_name": { "name": "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src" }, "product_reference": "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "relates_to_product_reference": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac" }, { "category": "default_component_of", "full_product_name": { "name": "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64" }, "product_reference": "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "relates_to_product_reference": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac" }, { "category": "default_component_of", "full_product_name": { "name": "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64" }, "product_reference": "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "relates_to_product_reference": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac" }, { "category": "default_component_of", "full_product_name": { "name": "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le" }, "product_reference": "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "relates_to_product_reference": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac" }, { "category": "default_component_of", "full_product_name": { "name": "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x" }, "product_reference": "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "relates_to_product_reference": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac" }, { "category": "default_component_of", "full_product_name": { "name": "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64" }, "product_reference": "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "relates_to_product_reference": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac" }, { "category": "default_component_of", "full_product_name": { "name": "golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch" }, "product_reference": "golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "relates_to_product_reference": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac" }, { "category": "default_component_of", "full_product_name": { "name": "golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch" }, "product_reference": "golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "relates_to_product_reference": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac" }, { "category": "default_component_of", "full_product_name": { "name": "golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch" }, "product_reference": "golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "relates_to_product_reference": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac" }, { "category": "default_component_of", "full_product_name": { "name": "golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch" }, "product_reference": "golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "relates_to_product_reference": "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Takeshi Kaneko" ], "organization": "GMO Cybersecurity by Ierae, Inc." } ], "cve": "CVE-2023-39318", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-09-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2237776" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. 
This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: html/template: improper handling of HTML-like comments within script contexts", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", 
"AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-39318" }, { "category": "external", "summary": "RHBZ#2237776", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237776" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39318", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39318" }, { "category": "external", "summary": 
"https://nvd.nist.gov/vuln/detail/CVE-2023-39318", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39318" }, { "category": "external", "summary": "https://go.dev/cl/526156", "url": "https://go.dev/cl/526156" }, { "category": "external", "summary": "https://go.dev/issue/62196", "url": "https://go.dev/issue/62196" }, { "category": "external", "summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ" }, { "category": "external", "summary": "https://vuln.go.dev/ID/GO-2023-2041.json", "url": "https://vuln.go.dev/ID/GO-2023-2041.json" } ], "release_date": "2023-09-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T16:04:55+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", 
"AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHBA-2023:6928" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", 
"AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: html/template: improper handling of HTML-like comments within script contexts" }, { "acknowledgments": [ { "names": [ "Takeshi Kaneko" ], "organization": "GMO Cybersecurity by Ierae, Inc." 
} ], "cve": "CVE-2023-39319", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-09-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2237773" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: html/template: improper handling of special tags within script contexts", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", 
"AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", 
"AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-39319" }, { "category": "external", "summary": "RHBZ#2237773", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237773" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39319", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39319" }, { "category": "external", "summary": "https://go.dev/cl/526157", "url": "https://go.dev/cl/526157" }, { "category": "external", "summary": "https://go.dev/issue/62197", "url": "https://go.dev/issue/62197" }, { "category": "external", "summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ" }, { "category": "external", "summary": "https://vuln.go.dev/ID/GO-2023-2043.json", "url": "https://vuln.go.dev/ID/GO-2023-2043.json" } ], "release_date": "2023-09-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T16:04:55+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", 
"AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", 
"AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2023:6928" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", 
"AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", 
"AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: html/template: improper handling of special tags within script contexts" }, { "acknowledgments": [ { "names": [ "Martin Seemann" ] } ], "cve": "CVE-2023-39321", "discovery_date": "2023-09-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2237777" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", 
"AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", 
"AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-39321" }, { "category": "external", "summary": "RHBZ#2237777", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39321", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39321" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321" }, { "category": "external", "summary": "https://go.dev/cl/523039", "url": "https://go.dev/cl/523039" }, { "category": "external", "summary": "https://go.dev/issue/62266", "url": "https://go.dev/issue/62266" }, { "category": "external", "summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ" }, { "category": "external", "summary": "https://vuln.go.dev/ID/GO-2023-2044.json", "url": "https://vuln.go.dev/ID/GO-2023-2044.json" } ], "release_date": "2023-09-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T16:04:55+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", 
"AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", 
"AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2023:6928" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", 
"AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", 
"AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections" }, { "acknowledgments": [ { "names": [ "Marten Seemann" ] } ], "cve": "CVE-2023-39322", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2023-09-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2237778" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. 
With the fix, connections now consistently reject messages larger than 65KiB in size.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/tls: lack of a limit on buffered post-handshake", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", 
"AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-39322" }, { "category": "external", "summary": "RHBZ#2237778", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39322", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39322" }, { "category": "external", "summary": 
"https://nvd.nist.gov/vuln/detail/CVE-2023-39322", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322" }, { "category": "external", "summary": "https://go.dev/cl/523039", "url": "https://go.dev/cl/523039" }, { "category": "external", "summary": "https://go.dev/issue/62266", "url": "https://go.dev/issue/62266" }, { "category": "external", "summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ" }, { "category": "external", "summary": "https://vuln.go.dev/ID/GO-2023-2045.json", "url": "https://vuln.go.dev/ID/GO-2023-2045.json" } ], "release_date": "2023-09-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T16:04:55+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", 
"AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHBA-2023:6928" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", 
"AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crypto/tls: lack of a limit on buffered post-handshake" }, { "cve": "CVE-2023-39323", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "discovery_date": "2023-10-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2242544" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang cmd/go standard library. 
A line directive (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to pass during compilation. This can result in the unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: cmd/go: line directives allows arbitrary execution during build", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", 
"AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-39323" }, { "category": "external", "summary": "RHBZ#2242544", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2242544" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39323", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39323" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39323", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39323" }, { "category": "external", "summary": "https://go.dev/cl/533215", "url": "https://go.dev/cl/533215" }, { "category": "external", "summary": "https://go.dev/issue/63211", "url": "https://go.dev/issue/63211" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo", "url": "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo" }, { "category": "external", "summary": "https://vuln.go.dev/ID/GO-2023-2095.json", "url": "https://vuln.go.dev/ID/GO-2023-2095.json" } ], "release_date": "2023-10-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T16:04:55+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", 
"AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", 
"AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2023:6928" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", 
"AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: cmd/go: line directives allows arbitrary execution during build" } ] }
gsd-2023-39323
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.
Aliases
{ "GSD": { "alias": "CVE-2023-39323", "id": "GSD-2023-39323" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2023-39323" ], "details": "Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", "id": "GSD-2023-39323", "modified": "2023-12-13T01:20:33.654209Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security@golang.org", "ID": "CVE-2023-39323", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "cmd/go", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "0", "version_value": "1.20.9" }, { "version_affected": "\u003c", "version_name": "1.21.0-0", "version_value": "1.21.2" } ] } } ] }, "vendor_name": "Go toolchain" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE 94: Improper Control of Generation of Code (\u0027Code Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://go.dev/issue/63211", "refsource": "MISC", "url": "https://go.dev/issue/63211" }, { "name": "https://go.dev/cl/533215", "refsource": "MISC", "url": "https://go.dev/cl/533215" }, { "name": "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo", "refsource": "MISC", "url": "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo" }, { "name": "https://pkg.go.dev/vuln/GO-2023-2095", "refsource": "MISC", "url": "https://pkg.go.dev/vuln/GO-2023-2095" }, { "name": "https://security.netapp.com/advisory/ntap-20231020-0001/", "refsource": "MISC", "url": "https://security.netapp.com/advisory/ntap-20231020-0001/" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", "refsource": "MISC", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", "refsource": "MISC", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", "refsource": "MISC", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/" }, { "name": "https://security.gentoo.org/glsa/202311-09", "refsource": "MISC", "url": "https://security.gentoo.org/glsa/202311-09" } ] } }, "nvd.nist.gov": { "cve": { "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "84851C3D-3035-457E-96D9-48E219817D58", "versionEndExcluding": "1.20.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "7381A279-81EB-48D9-8065-C733FA8736B8", "versionEndExcluding": "1.21.2", "versionStartIncluding": "1.21.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex." }, { "lang": "es", "value": "Las directivas de l\u00ednea (\"//line\") se pueden utilizar para evitar las restricciones de las directivas \"//go:cgo_\", permitiendo que se pasen indicadores bloqueados del enlazador y del compilador durante la compilaci\u00f3n. Esto puede provocar la ejecuci\u00f3n inesperada de c\u00f3digo arbitrario al ejecutar \"go build\". La directiva de l\u00ednea requiere la ruta absoluta del archivo en el que se encuentra la directiva, lo que hace que explotar este problema sea significativamente m\u00e1s complejo." 
} ], "id": "CVE-2023-39323", "lastModified": "2024-01-04T18:04:15.457", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-05T21:15:11.283", "references": [ { "source": "security@golang.org", "tags": [ "Patch" ], "url": "https://go.dev/cl/533215" }, { "source": "security@golang.org", "tags": [ "Issue Tracking", "Patch" ], "url": "https://go.dev/issue/63211" }, { "source": "security@golang.org", "tags": [ "Mailing List", "Release Notes" ], "url": "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo" }, { "source": "security@golang.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/" }, { "source": "security@golang.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/" }, { "source": "security@golang.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/" }, { "source": "security@golang.org", "tags": [ "Vendor Advisory" ], "url": "https://pkg.go.dev/vuln/GO-2023-2095" }, { "source": "security@golang.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202311-09" }, { "source": "security@golang.org", "tags": [ "Third Party Advisory" ], "url": 
"https://security.netapp.com/advisory/ntap-20231020-0001/" } ], "sourceIdentifier": "security@golang.org", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] } } } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.