RHEA-2023:7311
PUBLISHED
CVSS 8.1 HIGH
A flaw was found in the golang cmd/go standard library. A line directive ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to pass during compilation. This can result in the unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.
Risk Scores
CVSS 3.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64 as a component of Red Hat Enterprise Linux AppStream (v. 8) | ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64 |
| Red Hat | ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64 as a component of Red Hat Enterprise Linux AppStream (v. 8) | ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64 |
| Red Hat | rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x as a component of Red Hat Enterprise Linux AppStream (v. 8) | * |
| Red Hat | ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x as a component of Red Hat Enterprise Linux AppStream (v. 8) | ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x |
| Red Hat | rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8) | rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le |
| Red Hat | rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64 as a component of Red Hat Enterprise Linux AppStream (v. 8) | rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64 |
| Red Hat | rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64 as a component of Red Hat Enterprise Linux AppStream (v. 8) | * |
| Red Hat | ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8) | ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le |
Timeline
- Nov 16, 2023 CVE Published
- Jan 28, 2026 CVE Updated
- May 1, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHEA-2023:7311 advisory
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2235856 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhea-2023_7311.json advisory
- https://access.redhat.com/security/cve/CVE-2023-39323 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2242544 issue
- https://www.cve.org/CVERecord?id=CVE-2023-39323 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-39323 advisory
- https://go.dev/cl/533215 advisory
- https://go.dev/issue/63211 advisory
- https://groups.google.com/g/golang-announce/c/XBa1oHDevAo advisory
- https://vuln.go.dev/ID/GO-2023-2095.json advisory