CNNVD-202509-2864 Information
CNNVD ID
CNNVD-202509-2864
Related CVE
- CNNVD Published: 2025-09-18
Description (Chinese)
Google Go是美国谷歌(Google)公司的一种静态强类型、编译型、并发型,并具有垃圾回收功能的编程语言。 Google Go存在安全漏洞,该漏洞源于PATH环境变量包含可执行文件路径时,传递特定字符串到LookPath可能导致返回意外二进制文件。
Description (English)
Google Go is a static type, compiler, hairdresser of Google and a programme language with a garbage recovery function. There is a security loophole in Google Go, which stems from the fact that passing a specific string to the LookPath may result in the return of an unexpected binary file when the PATH environment variable contains an executable path.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
GoPlace!
Published
2025-09-18
Last Modified
2026-02-24
References
https://go.dev/cl/691775 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3956 https://go.dev/issue/74466 https://access.redhat.com/security/cve/cve-2025-47906 https://vigilance.fr/vulnerability/Go-two-vulnerabilities-dated-12-08-2025-47931
Patch
https://go-review.googlesource.com/c/go/+/691775
Share on: