CVE-2016-3958
Published: 23 May 2016
Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function.
Notes
Author | Note |
---|---|
mdeslaur | Packages built using golang need to be rebuilt once the vulnerability has been fixed. This CVE entry does not list packages that need rebuilding outside of the main repository or the Ubuntu variants with PPA overlays. |
sbeattie | windows only dll preload attack |
Priority
CVSS 3 base score: 7.8
Status
Package | Release | Status |
---|---|---|
golang Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
precise |
Not vulnerable
(windows only)
|
|
trusty |
Does not exist
(trusty was not-affected [windows only])
|
|
wily |
Not vulnerable
(windows only)
|
|
golang-1.6 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was not-affected [windows only])
|
|
wily |
Does not exist
|