CNNVD-202601-4670 Information
Jan 28, 2026
cve
CNNVD ID
CNNVD-202601-4670
Related CVE
- CNNVD Published: 2026-01-28
Description (Chinese)
Google Go是美国谷歌(Google)公司的一种静态强类型、编译型、并发型,并具有垃圾回收功能的编程语言。 Google Go存在安全漏洞,该漏洞源于#cgo pkg-config指令可能被利用写入攻击者控制的文件,可能导致部分文件内容被控制。
Description (English)
Google Go is a static type, compiler, hairdresser of Google and a programme language with a garbage recovery function. There is a security loophole in Google Go, which stems from the possibility that the #cgo pkg-config directive could be used to write to documents controlled by the assailant, which could lead to the control of parts of the document.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
谷歌
Published
2026-01-28
Last Modified
2026-02-24
References
https://go.dev/cl/736711 https://go.dev/issue/77100 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://pkg.go.dev/vuln/GO-2026-4339