VDB

RHEA-2023%3A7311

RHEA-2023%3A7311 PUBLISHED CVSS 8.100000381469727 HIGH

A flaw was found in the golang cmd/go standard library. A line directive ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to pass during compilation. This can result in the unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.

Risk Scores

CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Red Hatubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64 as a component of Red Hat Enterprise Linux AppStream (v. 8)ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64
Red Hatubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64 as a component of Red Hat Enterprise Linux AppStream (v. 8)ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64
Red Hatrhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)*
Red Hatubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x
Red Hatrhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le
Red Hatrhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64 as a component of Red Hat Enterprise Linux AppStream (v. 8)rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64
Red Hatrhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64 as a component of Red Hat Enterprise Linux AppStream (v. 8)*
Red Hatubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le

Timeline

  • Nov 16, 2023 CVE Published
  • Jan 28, 2026 CVE Updated
  • May 1, 2026 Security Advisory
  • May 1, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›