CVE-2024-8244

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-8244

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8244.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-8244

Downstream

DEBIAN-CVE-2024-8244

ECHO-cf03-9570-1659

UBUNTU-CVE-2024-8244

Published

2025-08-06T16:15:28Z

Modified

2025-08-09T19:01:28Z

Summary

[none]

Details

The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress.

References

https://go.dev/issue/70007
https://pkg.go.dev/vuln/GO-2025-9999

CVE-2024-8244

Affected packages