CVE-2023-39323
published 2023-10-05

Priority: P3 54, high 8.1 (CVSS 3.1)
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.76% (75.2th percentile)
Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.

Affected

22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aimeos | ai-admin-graphql | >= 2022.04.1 < 2022.10.10 | 2022.10.10 |
| aimeos | ai-admin-graphql | >= 2023.04.1 < 2023.10.6 | 2023.10.6 |
| aimeos | ai-admin-graphql | >= 2024.04.1 < 2024.04.6 | 2024.04.6 |
| debian | golang-1.15 | | |
| debian | golang-1.19 | | |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| go_toolchain | cmd_go | < 1.20.9 | 1.20.9 |
| go_toolchain | cmd_go | >= 1.21.0-0 < 1.21.2 | 1.21.2 |
| golang | go | < 1.20.9 | 1.20.9 |
| golang | go | >= 1.21.0 < 1.21.2 | 1.21.2 |
| msrc | azl3_golang_1.20.10-1_on_azure_linux_3.0 | | |
| msrc | azl3_golang_1.24.3-1_on_azure_linux_3.0 | | |
| msrc | azl3_python-tensorboard_2.16.2-6_on_azure_linux_3.0 | | |
| msrc | azl3_tensorflow_2.16.1-9_on_azure_linux_3.0 | | |
| msrc | cbl2_golang_1.17.13-2_on_cbl_mariner_2.0 | | |
| msrc | cbl2_golang_1.18.8-7_on_cbl_mariner_2.0 | | |
| msrc | cbl2_golang_1.20.10-1_on_cbl_mariner_2.0 | | |
| msrc | cbl2_golang_1.21.6-1_on_cbl_mariner_2.0 | | |
| msrc | cbl2_msft-golang_1.24.1-2_on_cbl_mariner_2.0 | | |
| msrc | cbl2_tensorflow_2.11.1-2_on_cbl_mariner_2.0 | | |

CVSS provenance

nvd: v3.1, 8.1 HIGH, CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
osv: 8.1 HIGH
vendor_debian: 8.1 HIGH
vendor_msrc: 8.1 HIGH
vendor_redhat: 8.1 HIGH
vendor_ubuntu: 7.5 HIGH