CVE-2016-3958

Published: May 23, 2016Modified: May 6, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function.

Affected (3)

Products: Golang: Go

Golang

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Golang Go	From 1.5 to 1.5.4
Golang Go	From 1.6 to 1.6.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Golang Go	Version 1.6

Related CWEs

CWE-264

References (10)

http://www.openwall.com/lists/oss-security/2016/04/05/1

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2016/04/05/2

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://github.com/golang/go/issues/14959

Source: cve@mitre.org

Third Party Advisory

https://go-review.googlesource.com/#/c/21428/

Source: cve@mitre.org

Vendor Advisory

https://groups.google.com/forum/#%21topic/golang-announce/9eqIHqaWvck

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2016/04/05/1