Security Advisory

CVE-2025-22867

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-02-06 17:09:56

Last updated 2025-02-06 21:23:25

Assigner Go

State PUBLISHED

Description

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the @executable_path, @loader_path, or @rpath special values in a "#cgo LDFLAGS" directive. This issue only affected go1.24rc2.

← Browse all CVEs View on cve.org ↗