exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 3 of 3 RSS Feed

CVE-2023-39323

Status Candidate

Overview

Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.

Related Files

Ubuntu Security Notice USN-7111-1
Posted Nov 15, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7111-1 - Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. Ameya Darshan and Jakob Ackermann discovered that Go did not properly validate the amount of memory and disk files ReadForm can consume. An attacker could possibly use this issue to cause a panic resulting in a denial of service.

tags | advisory, web, denial of service
systems | linux, ubuntu
advisories | CVE-2022-41723, CVE-2022-41724, CVE-2022-41725, CVE-2023-24536, CVE-2023-39323, CVE-2023-45288, CVE-2023-45290, CVE-2024-24783, CVE-2024-24784, CVE-2024-24789, CVE-2024-24791, CVE-2024-34155, CVE-2024-34156, CVE-2024-34158
SHA-256 | 8309e2cc82bec72641de9766c00b5b04be56b3f96d79c53bdc77264e677a87a9
Ubuntu Security Notice USN-7109-1
Posted Nov 14, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7109-1 - Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. Ameya Darshan and Jakob Ackermann discovered that Go did not properly validate the amount of memory and disk files ReadForm can consume. An attacker could possibly use this issue to cause a panic resulting in a denial of service.

tags | advisory, web, denial of service
systems | linux, ubuntu
advisories | CVE-2022-41723, CVE-2022-41724, CVE-2022-41725, CVE-2023-24531, CVE-2023-24536, CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-29406, CVE-2023-39323, CVE-2023-39325, CVE-2023-45288, CVE-2023-45290
SHA-256 | 58c0bd17f1c8113660d80deb0928ae6b2fe30fb7373a788126eaeb55879ba80a
Ubuntu Security Notice USN-6574-1
Posted Jan 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6574-1 - Takeshi Kaneko discovered that Go did not properly handle comments and special tags in the script context of html/template module. An attacker could possibly use this issue to inject Javascript code and perform a cross site scripting attack. This issue only affected Go 1.20 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.04. It was discovered that Go did not properly validate the "//go:cgo_" directives during compilation. An attacker could possibly use this issue to inject arbitrary code during compile time.

tags | advisory, arbitrary, javascript, xss
systems | linux, ubuntu
advisories | CVE-2023-39318, CVE-2023-39323, CVE-2023-39326, CVE-2023-45285
SHA-256 | b8c2a5761a1b9b637336f2af66c0577c0e91e5d6928b1d69d773c8f5060e8589
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close