Vulnerability CVE-2024-24787: Information

Description

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.

URL: https://nvd.nist.gov/vuln/detail/CVE-2024-24787
Published: May 8, 2024
Modified: May 8, 2024

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
golangsisyphus1.22.3-alt11.22.3-alt1ALT-PU-2024-7548-1347664Fixed
golangsisyphus_riscv641.22.3-alt11.22.3-alt1ALT-PU-2024-7660-1-Fixed
golangsisyphus_loongarch641.22.3-alt11.22.3-alt1ALT-PU-2024-7625-1-Fixed
golangp101.21.10-alt11.21.10-alt1ALT-PU-2024-7550-2347665Fixed
golangc10f11.21.10-alt11.21.10-alt1ALT-PU-2024-7585-2347667Fixed
golangp111.22.3-alt11.22.3-alt1ALT-PU-2024-7548-1347664Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://go.dev/issue/67119
    https://go.dev/cl/583815
      https://groups.google.com/g/golang-announce/c/wkkO4P9stm0
        https://pkg.go.dev/vuln/GO-2024-2825
          VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
          Version: v24.5.3
          Back to top