CVE-2012-2666Insecure Temporary File in Golang

CWE-377Insecure Temporary File3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.5%
top 33.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GO GolangGolang GO
Timeline
PublishedJul 9
Latest updateApr 23

Description

golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5go/golanggo/golang 1.0.2
NVDgolang/go1.0.2

Patches

Patch: bugzilla.suse.comPatch: github.comPatch: bugzilla.suse.com

🔴Vulnerability Details

2
GHSA
GHSA-259v-fw35-w989: golang/go in 12022-04-23
CVEList
CVE-2012-2666: golang/go in 12021-07-09
CVE-2012-2666 — Insecure Temporary File in GO Golang | cvebase