CVE Published: 08/05/2024 |
CVE Updated: 01/08/2024 |
CVE Year: 2024 Source: Go |
Vendor: Go toolchain |
Product: cmd/go Status : PUBLISHED
CVE-2024-24787 Description
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.