CVE-2021-3115

Description

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the go get command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).

Risk Information

Base Score: 7.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.13

Associated Vulnerability

Vulnerability | OS Platform
(RHSA-2021:1746) go-toolset:rhel8 security, bug fix, and enhancement update delve-1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64.rpm | Linux
(RHSA-2021:1746) go-toolset:rhel8 security, bug fix, and enhancement update delve-debugsource-1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64.rpm | Linux
(RHSA-2021:1746) go-toolset:rhel8 security, bug fix, and enhancement update go-toolset-1.15.7-1.module+el8.4.0+9580+3b0e6c24.x86_64.rpm | Linux
(RHSA-2021:1746) go-toolset:rhel8 security, bug fix, and enhancement update golang-1.15.7-1.module+el8.4.0+9580+3b0e6c24.x86_64.rpm | Linux
(RHSA-2021:1746) go-toolset:rhel8 security, bug fix, and enhancement update golang-bin-1.15.7-1.module+el8.4.0+9580+3b0e6c24.x86_64.rpm | Linux
(RHSA-2021:1746) go-toolset:rhel8 security, bug fix, and enhancement update golang-docs-1.15.7-1.module+el8.4.0+9580+3b0e6c24.noarch.rpm | Linux
(RHSA-2021:1746) go-toolset:rhel8 security, bug fix, and enhancement update golang-misc-1.15.7-1.module+el8.4.0+9580+3b0e6c24.noarch.rpm | Linux
(RHSA-2021:1746) go-toolset:rhel8 security, bug fix, and enhancement update golang-race-1.15.7-1.module+el8.4.0+9580+3b0e6c24.x86_64.rpm | Linux
(RHSA-2021:1746) go-toolset:rhel8 security, bug fix, and enhancement update golang-src-1.15.7-1.module+el8.4.0+9580+3b0e6c24.noarch.rpm | Linux
(RHSA-2021:1746) go-toolset:rhel8 security, bug fix, and enhancement update golang-tests-1.15.7-1.module+el8.4.0+9580+3b0e6c24.noarch.rpm | Linux
