CVE-2016-3958

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-3958

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3958.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-3958

Aliases

GO-2021-0163

Published

2016-05-23T19:59:03.353Z

Modified

2025-11-20T10:26:55.117135Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function.

References

Affected packages

Git / github.com/golang/go

Affected ranges

Type: GIT
Repo: https://github.com/golang/go
Events: Introduced

bb03defe933c89fee44be675d7aa0fbd893ced30

Fixed

a1ef950a15517bca223d079a6cf65948c3db9694

Affected versions

go1.*

go1.5

go1.5.1

go1.5.2

go1.5.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3958.json"