CVE-2016-3958GO vulnerability

CWE-2644 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 63.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Golang GO
Timeline
PublishedMay 23
Latest updateMay 14

Description

Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

NVDgolang/go1.51.5.4+2

🔴Vulnerability Details

3
GHSA
GHSA-8w8c-fgc5-6f3r: Untrusted search path vulnerability in Go before 12022-05-14
OSV
Privilege escalation on Windows via malicious DLL in syscall2022-01-05
CVEList
CVE-2016-3958: Untrusted search path vulnerability in Go before 12016-05-23
CVE-2016-3958 — Golang GO vulnerability | cvebase