VDB

GCVE-VVD-MAGEIA-2021-18

GCVE-VVD-MAGEIA-2021-18
Advisory Published
Vulnetix · Advisory published February 5, 2021
An input validation vulnerability was found in go. From a generated go file (from the cgo tool) it is possible to modify symbols within that object file and specify code instead. An attacker could potentially use this flaw by creating a repository which included malicious pre-built object files that could execute arbitrary code when downloaded and run via "go get" or "go build" whilst building a go project (CVE-2020-28366). An input validation vulnerability was found in go. If cgo is specified in a go file, it is possible to bypass the validation of arguments to the gcc compiler. An attacker could potentially use this flaw by creating a malicious repository which would execute arbitrary code when downloaded and run via "go get" or "go build" whilst building a go project (CVE-2020-28367).
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiaopenafs0 (affected), 1.8.6-2.mga7 (unaffected)
Mageiagolang0 (affected), 1.13.15-3.mga7 (unaffected), 0 (affected), 1.13.15-3.mga7 (unaffected)

References

Updated golang packages fix security vulnerabilities
advisory
Updated golang packages fix security vulnerabilities
issue
Updated golang packages fix security vulnerabilities
issue
Updated openafs packages improve 5.10 Kernels compatibility
advisory
Updated openafs packages improve 5.10 Kernels compatibility
issue
Updated openafs packages improve 5.10 Kernels compatibility
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›