CVE-2012-2666

Published: Jul 9, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script.

Affected (1)

Products: Golang: Go

Golang

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Golang Go	Version 1.0.2

Related CWEs

CWE-377

Insecure Temporary File

Creating and using insecure temporary files can leave application and system data vulnerable to attack.

References (10)

https://bugzilla.suse.com/show_bug.cgi?id=765455

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://codereview.appspot.com/5992078

Source: secalert@redhat.com

ExploitThird Party Advisory

https://github.com/golang/go/commit/8ac275bb01588a8c0e6c0fe2de7fd11f08feccdd

Source: secalert@redhat.com

PatchThird Party Advisory

https://security.netapp.com/advisory/ntap-20210902-0009/

Source: secalert@redhat.com

Third Party Advisory

https://www.whitesourcesoftware.com/vulnerability-database/CVE-2012-2666

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.suse.com/show_bug.cgi?id=765455