Go toolchain Vendor Vulnerability List / CVE Analysis in Chinese (22)

22 CVE vulnerabilities related to the vendor Go toolchain, with AI-generated Chinese analysis, PoC, CVSS scores and affected products.

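Go toolchain is the official development toolset for the Go language. It comprises core components such as the compiler, the linker and the standard library, and is used to build and maintain Go applications. Historically, its common vulnerability types include memory-safety issues and buffer overflows, some of which can lead to remote code execution. Notably, a request smuggling vulnerability in the standard library's net/http package (CVE-2021-23412) was disclosed in 2021 and had a wide impact. Although 22 CVEs have been recorded, the design of the Go language still emphasizes memory safety, and most vulnerabilities stem from the standard library implementation rather than from the language itself.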

Top products for Go toolchain: cmd/go, cmd/compile, cmd/cgo
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-42501 | Malicious module proxy can bypass checksum database in cmd/go | cmd/go | - | - | 2026-05-07 |
| CVE-2026-39819 | Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go | cmd/go | - | - | 2026-05-07 |
| CVE-2026-39817 | Invoking "go tool pack" does not sanitize output paths in cmd/go | cmd/go | - | - | 2026-05-07 |
| CVE-2026-27140 | Code execution vulnerability in SWIG code generation in cmd/go | cmd/go | 7.8 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-27143 | Missing bound checks can lead to memory corruption in safe Go in cmd/compile | cmd/compile | 8.4 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-27144 | Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile | cmd/compile | 8.4 (AI) | High (AI) | 2026-04-08 |
| CVE-2025-61732 | Potential code smuggling via doc comments in cmd/cgo | cmd/cgo | 9.8 (AI) | Critical (AI) | 2026-02-05 |
| CVE-2025-61731 | Arbitrary file write using cgo pkg-config directive in cmd/go | cmd/go | 5.5 (AI) | Medium (AI) | 2026-01-28 |
| CVE-2025-68119 | Unexpected code execution when invoking toolchain in cmd/go | cmd/go | 9.8 (AI) | Critical (AI) | 2026-01-28 |
| CVE-2025-4674 | Unexpected command execution in untrusted VCS repositories in cmd/go | cmd/go | 9.8 (AI) | Critical (AI) | 2025-07-29 |
| CVE-2025-22867 | Arbitrary code execution during build on darwin in cmd/go | cmd/go | 9.8 | - | 2025-02-06 |
| CVE-2024-45340 | GOAUTH credential leak in cmd/go | cmd/go | 9.1 | - | 2025-01-28 |
| CVE-2023-24531 | Output of "go env" does not sanitize values in cmd/go | cmd/go | 9.8 (AI) | Critical (AI) | 2024-07-02 |
| CVE-2024-24787 | Arbitrary code execution during build on Darwin in cmd/go | cmd/go | 8.8 (AI) | High (AI) | 2024-05-08 |
| CVE-2023-45285 | Command 'go get' may unexpectedly fallback to insecure git in cmd/go | cmd/go | 9.1 | - | 2023-12-06 |
| CVE-2023-39323 | Arbitrary code execution during build via line directives in cmd/go | cmd/go | 7.4 | - | 2023-10-05 |
| CVE-2023-39320 | Arbitrary code execution via go.mod toolchain directive in cmd/go | cmd/go | 9.8 | - | 2023-09-08 |
| CVE-2023-29405 | Improper sanitization of LDFLAGS with embedded spaces in go command with cgo in cmd/go | cmd/go | 9.8 | - | 2023-06-08 |
| CVE-2023-29404 | Improper handling of non-optional LDFLAGS in go command with cgo in cmd/go | cmd/go | 9.8 | - | 2023-06-08 |
| CVE-2023-29402 | Code injection via go command with cgo in cmd/go | cmd/go | 8.4 | - | 2023-06-08 |
| CVE-2020-28366 | Arbitrary code execution in go command with cgo in cmd/go and cmd/cgo | cmd/go | 8.0 | - | 2020-11-18 |
| CVE-2020-28367 | Arbitrary code execution via the go command with cgo in cmd/go | cmd/go | 8.8 | - | 2020-11-18 |

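This page collects all 22 CVE vulnerabilities published to date for the vendor Go toolchain. Each entry includes its CVSS score, CWE weakness classification, affected products and reference links, together with an AI-generated Chinese analysis to help assess risk quickly.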