← Back to CVE List

CVE-2023-29404

Published: 2023-06-08T21:15Z
Last Modified: 2025-01-06T20:15Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt