AZL-37353

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-37353.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-37353

Upstream

CVE-2023-29402

Published

2023-06-08T21:15:16Z

Modified

2026-04-01T05:13:14.402644Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2023-29402 affecting package golang for versions less than 1.21.6-1

Details

The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected).

References

https://nvd.nist.gov/vuln/detail/CVE-2023-29402

Affected packages

Azure Linux:2 / golang

Package

Name: golang
Purl: pkg:rpm/azure-linux/golang

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.18.0

Fixed

1.21.6-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-37353.json"