CVE-2012-2666 Information

Description

golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://github.com/golang/go/commit/8ac275bb01588a8c0e6c0fe2de7fd11f08feccdd https://www.whitesourcesoftware.com/vulnerability-database/CVE-2012-2666 https://codereview.appspot.com/5992078 https://bugzilla.suse.com/show_bug.cgi?id=765455 https://security.netapp.com/advisory/ntap-20210902-0009/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8