CVE-2019-9634 — Uncontrolled Search Path Element in GO

Severity

7.8HIGHNVD

EPSS

0.5%

top 32.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMar 8

Latest updateMay 25

Description

Go through 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

▶NVDgolang/go1.12 — 1.12.2+1

OSV

DLL injection on Windows in runtime and syscall↗2022-05-25

▶

GHSA

GHSA-jw84-wj3c-4mvv: Go through 1↗2022-05-13

▶

CVEList

CVE-2019-9634: Go through 1↗2019-03-08

▶