Vulnerability Description
golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Golang | Go | 1.0.2 |
Related Weaknesses (CWE)
References
- https://bugzilla.suse.com/show_bug.cgi?id=765455Issue TrackingPatchThird Party Advisory
- https://codereview.appspot.com/5992078ExploitThird Party Advisory
- https://github.com/golang/go/commit/8ac275bb01588a8c0e6c0fe2de7fd11f08feccddPatchThird Party Advisory
- https://security.netapp.com/advisory/ntap-20210902-0009/Third Party Advisory
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2012-2666Third Party Advisory
- https://bugzilla.suse.com/show_bug.cgi?id=765455Issue TrackingPatchThird Party Advisory
- https://codereview.appspot.com/5992078ExploitThird Party Advisory
- https://github.com/golang/go/commit/8ac275bb01588a8c0e6c0fe2de7fd11f08feccddPatchThird Party Advisory
- https://security.netapp.com/advisory/ntap-20210902-0009/Third Party Advisory
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2012-2666Third Party Advisory
FAQ
What is CVE-2012-2666?
CVE-2012-2666 is a vulnerability with a CVSS score of 9.8 (CRITICAL). golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script.
How severe is CVE-2012-2666?
CVE-2012-2666 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2012-2666?
Check the references section above for vendor advisories and patch information. Affected products include: Golang Go.