Go Toolchain Cmd Cgo vulnerabilities
3 known vulnerabilities affecting go_toolchain/cmd_cgo.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2
Vulnerabilities
Page 1 of 1
CVE-2025-61732HIGHCVSS 8.6fixed in 1.24.13≥ 1.25.0-0, < 1.25.72026-02-05
CVE-2025-61732 [HIGH] CWE-94 CVE-2025-61732: A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resu
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.
cvelistv5nvd
CVE-2023-29405CRITICALCVSS 9.8fixed in 1.19.10≥ 1.20.0-0, < 1.20.52023-06-08
CVE-2023-29405 [CRITICAL] CWE-74 CVE-2023-29405: The go command may execute arbitrary code at build time when using cgo. This may occur when running
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed fla
cvelistv5nvd
CVE-2020-28366HIGHCVSS 7.5fixed in 1.14.12≥ 1.15.0-0, < 1.15.52020-11-18
CVE-2020-28366 [HIGH] CWE-94 CVE-2020-28366: Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code exec
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.
cvelistv5nvd