VDB
BIT-golang-2025-22867
BIT-golang-2025-22867
PUBLISHED
CVSS 7.5 HIGH
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the @executable_path, @loader_path, or @rpath special values in a "#cgo LDFLAGS" directive. This issue only affected go1.24rc2.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | golang | 1.24.0-rc.2, 1.24.0-rc.2, 1.24.0-rc.2 |
Timeline
- Feb 8, 2025 CVE Published
- Feb 8, 2025 CVE Updated