CVE-2020-28367

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-28367

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28367.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-28367

Aliases

Downstream

BELL-CVE-2020-28367

DEBIAN-CVE-2020-28367

DLA-2460-1

DLA-3395-1

RHSA-2020:5333

RHSA-2020:5493

RHSA-2021:0145

SUSE-SU-2020:3368-1

SUSE-SU-2020:3369-1

UBUNTU-CVE-2020-28367

openSUSE-SU-2020:2047-1

openSUSE-SU-2020:2067-1

openSUSE-SU-2020:2139-1

openSUSE-SU-2024:10807-1

openSUSE-SU-2024:10808-1

Related

Published

2020-11-18T17:15:12.057Z

Modified

2026-02-03T07:10:16.680765Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.

References

Affected packages

Git / github.com/golang/go

Affected ranges

Type: GIT
Repo: https://github.com/golang/go
Events: Fixed

bc9c580409b61af6b29f0cbd9d45bec63dbe2ccb

Introduced

0fdc3801bfd43d6f55e4ea5bf095e1ea55430339

Fixed

c53315d6cf1b4bfea6ff356b4a1524778c683bb9

Affected versions

go1.*

go1.15

go1.15.1

go1.15.2

go1.15.3

go1.15.4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28367.json"