CVE-2016-3958

EPSS 0.15%

Privilege escalation on Windows via malicious DLL in syscall

發布日:2022/1/5修改日:2024/5/20

也稱為:GO-2021-0163

描述

Untrusted search path vulnerability on Windows related to LoadLibrary allows local users to gain privileges via a malicious DLL in the current working directory.

受影響套件(1)

Go/stdlibfrom 0, < 1.5.4, >= 1.6.0-0, < 1.6.1

參考連結(4)

PATCHhttps://go.dev/cl/21428
PATCHhttps://go.googlesource.com/go/+/6a0bb87bd0bf0fdf8ddbd35f77a75ebd412f61b0
REPORThttps://go.dev/issue/14959
WEBhttps://groups.google.com/g/golang-announce/c/9eqIHqaWvck