Vulnerability Report: GO-2023-1839

  • CVE-2023-29402
  • Affects: cmd/go
  • Published: Jun 08, 2023
  • Modified: Jun 12, 2023

The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected).

Affected Packages

  • Path
    Versions
    Symbols
  • cmd/go
    before go1.19.10, from go1.20.0-0 before go1.20.5
    all symbols

Aliases

References

Credits

  • Juho Nurminen of Mattermost

Feedback

See anything missing or incorrect? Suggest an edit to this report.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.