/

CVE-2023-29402 Report - Details, Severity, & Advisorie...

CVE-2023-29402 Report - Details, Severity, & Advisories

Twingate Team

Jun 28, 2024

What is CVE-2023-29402?

CVE-2023-29402 is a critical vulnerability in the Go programming language when using cgo. This issue may cause unexpected code generation at build time, leading to unexpected behavior when running a Go program that uses cgo. The vulnerability affects systems running Go versions up to 1.19.10 and from 1.20.0 up to 1.20.5, specifically when running an untrusted module with directories containing newline characters in their names.

Who is impacted by CVE-2023-29402?

Users of the Go programming language who use cgo and run untrusted modules with directories containing newline characters in their names are impacted. This includes Fedora users who use the Go programming language with cgo in the affected versions up to 1.19.10 and from 1.20.0 up to 1.20.5.

What to do if CVE-2023-29402 affected you

If you're affected by the CVE-2023-29402 vulnerability, it's important to take action to protect your system. First, update your Go installation to the latest patched version (1.19.10 or 1.20.5). Next, avoid running untrusted modules with directories containing newline characters in their names. Finally, keep an eye on updates and patches provided by the Go team to address this vulnerability.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-29402 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This issue, known as cgo code injection, affects Go programming language users who run untrusted modules with directories containing newline characters in their names.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-94, which involves improper control of code generation, specifically code injection in the Go programming language when using go.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or refer to the sources below:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

CVE-2023-29402 Report - Details, Severity, & Advisorie...

CVE-2023-29402 Report - Details, Severity, & Advisories

Twingate Team

Jun 28, 2024

What is CVE-2023-29402?

CVE-2023-29402 is a critical vulnerability in the Go programming language when using cgo. This issue may cause unexpected code generation at build time, leading to unexpected behavior when running a Go program that uses cgo. The vulnerability affects systems running Go versions up to 1.19.10 and from 1.20.0 up to 1.20.5, specifically when running an untrusted module with directories containing newline characters in their names.

Who is impacted by CVE-2023-29402?

Users of the Go programming language who use cgo and run untrusted modules with directories containing newline characters in their names are impacted. This includes Fedora users who use the Go programming language with cgo in the affected versions up to 1.19.10 and from 1.20.0 up to 1.20.5.

What to do if CVE-2023-29402 affected you

If you're affected by the CVE-2023-29402 vulnerability, it's important to take action to protect your system. First, update your Go installation to the latest patched version (1.19.10 or 1.20.5). Next, avoid running untrusted modules with directories containing newline characters in their names. Finally, keep an eye on updates and patches provided by the Go team to address this vulnerability.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-29402 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This issue, known as cgo code injection, affects Go programming language users who run untrusted modules with directories containing newline characters in their names.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-94, which involves improper control of code generation, specifically code injection in the Go programming language when using go.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or refer to the sources below:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

CVE-2023-29402 Report - Details, Severity, & Advisories

Twingate Team

Jun 28, 2024

What is CVE-2023-29402?

CVE-2023-29402 is a critical vulnerability in the Go programming language when using cgo. This issue may cause unexpected code generation at build time, leading to unexpected behavior when running a Go program that uses cgo. The vulnerability affects systems running Go versions up to 1.19.10 and from 1.20.0 up to 1.20.5, specifically when running an untrusted module with directories containing newline characters in their names.

Who is impacted by CVE-2023-29402?

Users of the Go programming language who use cgo and run untrusted modules with directories containing newline characters in their names are impacted. This includes Fedora users who use the Go programming language with cgo in the affected versions up to 1.19.10 and from 1.20.0 up to 1.20.5.

What to do if CVE-2023-29402 affected you

If you're affected by the CVE-2023-29402 vulnerability, it's important to take action to protect your system. First, update your Go installation to the latest patched version (1.19.10 or 1.20.5). Next, avoid running untrusted modules with directories containing newline characters in their names. Finally, keep an eye on updates and patches provided by the Go team to address this vulnerability.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-29402 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This issue, known as cgo code injection, affects Go programming language users who run untrusted modules with directories containing newline characters in their names.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-94, which involves improper control of code generation, specifically code injection in the Go programming language when using go.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or refer to the sources below: