CVE-2016-3958

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2016-3958

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3958.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-3958

Aliases

GO-2021-0163

Downstream

BELL-CVE-2016-3958

Published

2016-05-23T19:59:03.353Z

Modified

2026-04-10T03:51:14.322881Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function.

References

Affected packages

Git / github.com/golang/go

Affected ranges

Type

GIT

Repo

https://github.com/golang/go

Events

Introduced

bb03defe933c89fee44be675d7aa0fbd893ced30

Fixed

a1ef950a15517bca223d079a6cf65948c3db9694

Introduced

7bc40ffb05d8813bf9b41a331b45d37216f9e747

Fixed

f5cf5673590a68c55b2330df9dfcdd6fac75b893

Introduced

Last affected

7bc40ffb05d8813bf9b41a331b45d37216f9e747

Database specific

{
    "versions": [
        {
            "introduced": "1.5"
        },
        {
            "fixed": "1.5.4"
        },
        {
            "introduced": "1.6"
        },
        {
            "fixed": "1.6.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6"
        }
    ]
}

Affected versions

go1.*

go1.5

go1.5.1

go1.5.2

go1.5.3

go1.6

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3958.json"