Vulnerability Report: GO-2022-0220
standard library- CVE-2019-9634
- Affects: runtime, syscall
- Published: May 25, 2022
- Modified: May 20, 2024
Go on Windows misused certain LoadLibrary functionality, leading to DLL injection.
Affected Packages
-
PathGo VersionsSymbols
-
before go1.11.10, from go1.12.0-0 before go1.12.2all symbols
-
before go1.11.10, from go1.12.0-0 before go1.12.2
Aliases
References
- https://go.dev/cl/165798
- https://go.googlesource.com/go/+/9b6e9f0c8c66355c0f0575d808b32f52c8c6d21c
- https://go.dev/issue/28978
- https://groups.google.com/g/golang-announce/c/z9eTD34GEIs/m/Z_XmhTrVAwAJ
- https://vuln.go.dev/ID/GO-2022-0220.json
Credits
- Samuel Cochran, Jason Donenfeld
Feedback
See anything missing or incorrect?
Suggest an edit to this report.