AZL-27122

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-27122.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-27122

Upstream

CVE-2023-29402

Published

2023-06-08T21:15:16Z

Modified

2026-04-01T05:08:57.800328Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2023-29402 affecting package msft-golang for versions less than 1.19.10-1

Details

The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected).

References

https://nvd.nist.gov/vuln/detail/CVE-2023-29402

Affected packages

Azure Linux:2 / msft-golang

Package

Name: msft-golang
Purl: pkg:rpm/azure-linux/msft-golang

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.19.10-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-27122.json"