GO-2022-0220

Source

https://storage.googleapis.com/go-vulndb/ID/GO-2022-0220.json

Aliases

CVE-2019-9634

Published

2022-05-25T18:01:46Z

Modified

2022-08-19T22:21:47Z

Details

Go on Windows misused certain LoadLibrary functionality, leading to DLL injection.

References

https://go.dev/cl/165798
https://go.googlesource.com/go/+/9b6e9f0c8c66355c0f0575d808b32f52c8c6d21c
https://go.dev/issue/28978
https://groups.google.com/g/golang-announce/c/z9eTD34GEIs/m/Z_XmhTrVAwAJ
https://nvd.nist.gov/vuln/detail/CVE-2019-9634

Affected packages

Go / stdlib

stdlib

Affected ranges

Type: SEMVER
Events: Introduced

0

Fixed

1.11.10

Introduced

1.12.0

Fixed

1.12.2

Affected versions

Ecosystem specific

{
    "imports": [
        {
            "goos": [
                "windows"
            ],
            "path": "runtime",
            "symbols": [
                "loadOptionalSyscalls",
                "osinit",
                "syscall_loadsystemlibrary"
            ]
        },
        {
            "symbols": [
                "LoadDLL"
            ],
            "goos": [
                "windows"
            ],
            "path": "syscall"
        }
    ]
}

Database specific

{
    "url": "https://pkg.go.dev/vuln/GO-2022-0220"
}